Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

Use of assignment to $[ is deprecated at /usr/local/sbin/apxs line 86. , wwwxxx vim, mysql closing table and opening table, 800c5000, setgid operation not permitted, pciehp: acpi_pciehprm on IBM, WWWXXX.DBF, 078274121, info0a ip, should prodicers of software_based services be held liable or not liable for economic injuries

Links

XODOX
Impressum

#1: configure logs to track source of outgoing requests

Posted on 2008-04-11 06:32:20 by j k

------=_Part_4819_22305131.1207888340977
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I am seeing some odd log entries like this:
Apr 10 05:14:09 OutDropped:IN= OUT=eth0 SRC=xx.xx.xx.xx
DST=66.249.31.43LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47089 DF PROTO=TCP
SPT=37356 DPT=3306
WINDOW=5840 RES=0x00 SYN URGP=0

where xx.xx.xx.xx is the ip of our server, and 66.249.31.43 does not resolve
to a hostname but does respond to pings.

I'm wondering how to configure logging to show where these requests are
coming from so I can track down what is causing them?

Thanks.

------=_Part_4819_22305131.1207888340977
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I am seeing some odd log entries like this:<br>Apr 10 05:14:09 OutDropped:IN= OUT=eth0 SRC=xx.xx.xx.xx DST=<a href="http://66.249.31.43">66.249.31.43</a> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47089 DF PROTO=TCP SPT=37356 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0 <br>
<br>where xx.xx.xx.xx is the ip of our server, and <a href="http://66.249.31.43">66.249.31.43</a> does not resolve to a hostname but does respond to pings.<br><br>I&#39;m wondering how to configure logging to show where these requests are coming from so I can track down what is causing them?<br>
<br>Thanks.<br>

------=_Part_4819_22305131.1207888340977--

Report this message

#2: Re: configure logs to track source of outgoing requests

Posted on 2008-04-11 16:14:04 by j k

------=_Part_6332_4974560.1207923244464
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Thu, Apr 10, 2008 at 9:32 PM, j k <jonnykent@gmail.com> wrote:

> I am seeing some odd log entries like this:
> Apr 10 05:14:09 OutDropped:IN= OUT=eth0 SRC=xx.xx.xx.xx DST=66.249.31.43LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47089 DF PROTO=TCP SPT=37356 DPT=3306
> WINDOW=5840 RES=0x00 SYN URGP=0
>
> where xx.xx.xx.xx is the ip of our server, and 66.249.31.43 does not
> resolve to a hostname but does respond to pings.
>
> I'm wondering how to configure logging to show where these requests are
> coming from so I can track down what is causing them?
>

BTW I wasn't clear above, although I am showing a firewall log entry I am
asking about apache log configuration here as via apache is the most likely
source of the outgoing requests, maybe from javascript or the like. So is
there a way to insert some flag in the apache log to show for instnace which
virtual host a request comes from?
Or do I have this jumbled in my head and apache won't be logging anything
going out?
Thanks.

------=_Part_6332_4974560.1207923244464
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<br><br><div class="gmail_quote">On Thu, Apr 10, 2008 at 9:32 PM, j k &lt;<a href="mailto:jonnykent@gmail.com">jonnykent@gmail.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I am seeing some odd log entries like this:<br>Apr 10 05:14:09 OutDropped:IN= OUT=eth0 SRC=xx.xx.xx.xx DST=<a href="http://66.249.31.43" target="_blank">66.249.31.43</a> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47089 DF PROTO=TCP SPT=37356 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0 <br>

<br>where xx.xx.xx.xx is the ip of our server, and <a href="http://66.249.31.43" target="_blank">66.249.31.43</a> does not resolve to a hostname but does respond to pings.<br><br>I&#39;m wondering how to configure logging to show where these requests are coming from so I can track down what is causing them?<br>

</blockquote><div>&nbsp;</div></div>BTW I wasn&#39;t clear above, although I am showing a firewall log entry I am asking about apache log configuration here as via apache is the most likely source of the outgoing requests, maybe from javascript or the like. So is there a way to insert some flag in the apache log to show for instnace which virtual host a request comes from?<br>
Or do I have this jumbled in my head and apache won&#39;t be logging anything going out?<br>Thanks. <br>

------=_Part_6332_4974560.1207923244464--

Report this message