configure logs to track source of outgoing requests

on 11.04.2008 06:32:20 by j k

I am seeing some odd log entries like this:
Apr 10 05:14:09 OutDropped:IN= OUT=eth0 SRC=xx.xx.xx.xx DST=66.249.31.43 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47089 DF PROTO=TCP SPT=37356 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0

where xx.xx.xx.xx is the ip of our server, and 66.249.31.43 does not resolve
to a hostname but does respond to pings.

I'm wondering how to configure logging to show where these requests are
coming from so I can track down what is causing them?

Thanks.

Re: configure logs to track source of outgoing requests

on 11.04.2008 16:14:04 by j k

On Thu, Apr 10, 2008 at 9:32 PM, j k wrote:

> I am seeing some odd log entries like this:
> Apr 10 05:14:09 OutDropped:IN= OUT=eth0 SRC=xx.xx.xx.xx DST=66.249.31.43 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47089 DF PROTO=TCP SPT=37356 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
>
> where xx.xx.xx.xx is the ip of our server, and 66.249.31.43 does not
> resolve to a hostname but does respond to pings.
>
> I'm wondering how to configure logging to show where these requests are
> coming from so I can track down what is causing them?
>

BTW, I wasn't clear above: although I am showing a firewall log entry, I am
asking about Apache log configuration here, as Apache is the most likely
source of the outgoing requests, maybe from JavaScript or the like. So is
there a way to insert some flag in the Apache log to show, for instance, which
virtual host a request comes from?
Or do I have this jumbled in my head and Apache won't be logging anything
going out?
Thanks.
