ASUS Syslog

CDB1870

New Around Here
Hi,
Despite hunting high and low I cannot seem to find an explanation for the entries in the ASUS Syslog. I am running Merlin 386.4.

Can somebody help decipher this?
Jan 19 09:46:53 kernel: ACCEPT IN=br0 OUT=tun12 MAC=3c:7c:3f:54:39:68:b8:08:cf:5d:72:d2:08:00 SRC=192.xx.xx.xx DST=34.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=49080 DF PROTO=TCP SPT=53117 DPT=443 SEQ=3164518116 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)

Thanks
C
 

ColinTaylor

Part of the Furniture
You have turned on logging of accepted packets (Firewall > General). Turn it off.
 

CDB1870

New Around Here
Thanks but what I am trying to understand is what these mean:
IN=br0
OUT=tun12
LEN=52
TOS=0x00
PREC=0x00
TTL=127 (Time To Live?)
ID=49080
DF
PROTO=TCP (Protocol?)
SPT=53117 (Source port?)
DPT=443 (Destination Port?)
SEQ=3164518116
ACK=0
WINDOW=64240
RES=0x00
SYN
URGP=0
OPT (020405B40103030801010402)
 

ColinTaylor

Part of the Furniture
It means that the LAN device at SRC is sending data to a host at DST over HTTPS (443). This traffic is going via your router's VPN client (tun12).

It's just standard IP header information.
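
An added example, not part of any post in this thread: a small Python parser that splits the log line from the first post into its fields, separates the bare flags (DF, SYN) from the key=value pairs, and decodes the MAC and OPT blobs. It assumes the Linux netfilter LOG layout, where MAC= on Ethernet is destination MAC, source MAC and EtherType run together; the function names `parse_line` and `decode_tcp_options` are hypothetical.

```python
import re

# Log line quoted in the first post (addresses redacted by the poster).
SAMPLE = ("Jan 19 09:46:53 kernel: ACCEPT IN=br0 OUT=tun12 "
          "MAC=3c:7c:3f:54:39:68:b8:08:cf:5d:72:d2:08:00 SRC=192.xx.xx.xx "
          "DST=34.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=49080 DF "
          "PROTO=TCP SPT=53117 DPT=443 SEQ=3164518116 ACK=0 WINDOW=64240 "
          "RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)")

TCP_OPTION_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED"}

def decode_tcp_options(hex_blob):
    """Walk the kind/length/value list carried in OPT (...)."""
    data, i, out = bytes.fromhex(hex_blob), 0, []
    while i < len(data):
        kind = data[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding, one byte, no length
            i += 1
            continue
        if i + 1 >= len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            out.append(("MALFORMED", data[i:].hex()))   # truncated or bad length
            break
        length = data[i + 1]
        value = data[i + 2:i + length]
        name = TCP_OPTION_NAMES.get(kind, f"KIND_{kind}")
        out.append((name, int.from_bytes(value, "big") if value else True))
        i += length
    return out

def parse_line(line):
    """Split a netfilter LOG line into fields, bare flags and decoded extras."""
    body = line.partition("kernel: ")[2]
    opt = re.search(r"OPT \(([0-9A-Fa-f]*)\)", body)
    tokens = re.sub(r"OPT \([0-9A-Fa-f]*\)", "", body).split() or [""]
    rec = {"prefix": tokens[0], "flags": []}   # prefix is the rule's log tag
    for tok in tokens[1:]:
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val                 # e.g. TTL=127, SPT=53117, DPT=443
        else:
            rec["flags"].append(tok)       # bare words: DF, SYN, ACK, FIN, RST
    if rec.get("MAC", "").count(":") == 13:    # dst(6) + src(6) + EtherType(2)
        m = rec["MAC"].split(":")
        rec["dst_mac"], rec["src_mac"] = ":".join(m[:6]), ":".join(m[6:12])
        rec["ethertype"] = "0x" + "".join(m[12:])   # 0x0800 is IPv4
    rec["tcp_options"] = decode_tcp_options(opt.group(1)) if opt else []
    return rec
```

For the sample line this yields flags DF and SYN (a new connection attempt with Don't Fragment set) and TCP options MSS 1460, window scale 8 and SACK permitted.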
 

ddaenen1

Senior Member
Starting to surf logs is a nasty thing, which I learned the hard way. Even if you do not have any issue, log entries often make you believe you do and make you spend large amounts of time chasing ghosts.

A log is useful if you do experience an issue and may help you try to pinpoint the root cause.
 

CDB1870

New Around Here
Thanks and I am really using the syslog data to teach myself about Splunk - Dashboards, reports etc.
 
