Strange log records



  • I'm getting a few strange entries in my logs; the following lines (with the exception of the last line) arrived in my logs in the usual way (rsyslog>sql), but I also received an additional line as in the next table:

    Additional lines:

    #011(tos 0x0, ttl 190,id 36853, offset 0, flags [none], proto UDP (17), length 32)   80.x.x.x.30421 > 58.221.41.30.15474: UDP, length 0	#in log
    #011(tos 0x0, ttl 163,id 64429, offset 0, flags [none], proto UDP (17), length 32)   80.x.x.x.33494 > 58.221.41.47.4263: UDP, length 0	#in log
    #011(tos 0x0, ttl 24, id 50497, offset 0, flags [none], proto UDP (17), length 32)   80.x.x.x.47630 > 58.221.43.167.33524: UDP, length 0	#in log
    #011(tos 0x0, ttl 1,  id 65264, offset 0, flags [none], proto UDP (17), length 32)   80.x.x.x.49298 > 184.71.237.114.7869: UDP, length 0	#NOT in log
    
    

    Normal log:

    2012-06-26 19:16 1/0(match): block: fxp0 (tos 0x0, ttl 113, id 2192, offset 0, flags [none], proto ICMP (1), length 60)   58.221.41.30 > 80.x.x.x: ICMP 58.221.41.30 udp port 15474 unreachable, length 40
    2012-06-26 21:54 1/0(match): block: fxp0 (tos 0x0, ttl 113, id 3002, offset 0, flags [none], proto ICMP (1), length 60)   58.221.41.47 > 80.x.x.x: ICMP 58.221.41.47 udp port 4263 unreachable, length 40
    2012-06-27 03:23 1/0(match): block: fxp0 (tos 0x0, ttl 114, id 12556, offset 0, flags [none], proto ICMP (1), length 60)   58.221.43.167 > 80.x.x.x: ICMP 58.221.43.167 udp port 33524 unreachable, length 40
    
    

    The last line did not show up in my SQL database, perhaps because the ttl=1?

    Any suggestions?

