These are not logged:

Feb 1 18:00:58 gatlan kernel: DROP FLOOD_ICMP IN=ppp0 OUT= MAC= SRC=90.19.58.253 DST=90.20.131.158 LEN=60 TOS=0x00 PREC=0x00 TTL=125 ID=41650 PROTO=ICMP TYPE=8 CODE=0 ID=256 SEQ=10241

On Feb 1, 5:53 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> I have a problem when OSSEC logs iptables log
>
> Feb 1 17:47:41 gatlan kernel: DROP ICMP_ERROR IN=ppp0 OUT= MAC= SRC=203.141.119.233 DST=90.20.131.158 LEN=94 TOS=0x00 PREC=0x00 TTL=44 ID=59875 PROTO=ICMP TYPE=3 CODE=1 [SRC=90.20.131.158 DST=192.168.11.2 LEN=66 TOS=0x00 PREC=0x00 TTL=43 ID=47914 PROTO=UDP SPT=9689 DPT=4672 LEN=46 ]
>
> These are logged, but these:
>
> Feb 1 17:51:35 gatlan kernel: DROP SPOOF IN=ppp0 OUT= MAC= SRC=192.168.1.2 DST=90.20.131.158 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=5460 DF PROTO=TCP SPT=4662 DPT=4346 WINDOW=65205 RES=0x00 ACK FIN URGP=0
>
> are not logged by OSSEC, I don't know why...
