Strange log records
-
I'm getting a few strange entries in my logs; the following lines (with the exception of the last line) arrived in my logs in the usual way (rsyslog>sql), but I also received an additional line as in the next table:
Additional lines:
#011(tos 0x0, ttl 190,id 36853, offset 0, flags [none], proto UDP (17), length 32) 80.x.x.x.30421 > 58.221.41.30.15474: UDP, length 0 #in log
#011(tos 0x0, ttl 163,id 64429, offset 0, flags [none], proto UDP (17), length 32) 80.x.x.x.33494 > 58.221.41.47.4263: UDP, length 0 #in log
#011(tos 0x0, ttl 24, id 50497, offset 0, flags [none], proto UDP (17), length 32) 80.x.x.x.47630 > 58.221.43.167.33524: UDP, length 0 #in log
#011(tos 0x0, ttl 1, id 65264, offset 0, flags [none], proto UDP (17), length 32) 80.x.x.x.49298 > 184.71.237.114.7869: UDP, length 0 #NOT in log
Normal log:
2012-06-26 19:16 1/0(match): block: fxp0 (tos 0x0, ttl 113, id 2192, offset 0, flags [none], proto ICMP (1), length 60) 58.221.41.30 > 80.x.x.x: ICMP 58.221.41.30 udp port 15474 unreachable, length 40
2012-06-26 21:54 1/0(match): block: fxp0 (tos 0x0, ttl 113, id 3002, offset 0, flags [none], proto ICMP (1), length 60) 58.221.41.47 > 80.x.x.x: ICMP 58.221.41.47 udp port 4263 unreachable, length 40
2012-06-27 03:23 1/0(match): block: fxp0 (tos 0x0, ttl 114, id 12556, offset 0, flags [none], proto ICMP (1), length 60) 58.221.43.167 > 80.x.x.x: ICMP 58.221.43.167 udp port 33524 unreachable, length 40
The last line did not show up in my SQL database, perhaps because the ttl=1?
Any suggestions?