What's new

How to parse system log?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


Senior Member
I just updated my RT-68P to FW, and I poked around the UI afterwards. I noticed in the system log that most of the IPs were Russian or Chinese(!). But, I'm not sure how to interpret all of the info for a given entry. Can someone explain the pieces to me?

E.g.: Jan 3 17:57:31 kernel: DROP IN=vlan2 OUT= MAC=1c:87:2c:48:d9:b9:84:61:a0:63:a5:20:08:00:45:00:00:28 SRC= DST= LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=63509 PROTO=TCP SPT=40137 DPT=3518 SEQ=3560613561 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

1) What does "DROP IN=vlan2" mean?
2) How can the MAC address be 18 octets long? The normal first six match my LAN MAC.
3) Anything worth noting about the rest of the pieces?

How can I tell what device on my LAN is generating or supposed to receive this traffic?

Last edited:
Google is your friend.

1) Incoming traffic on your WAN interface.
2) Destination MAC, source MAC, frame type.
3) Not really.

Investigate the device at (is that your router's WAN IP address?). See if it is running anything on port 3518.
How can I know what the router is running on that port (or any port, for that matter)? Port 3518 is supposed to be used for "Artifact Message Server" messages.

Yes, is my router WAN IP.

Since these are incoming packets, where is this traffic supposed to be going beyond the WAN interface, to what machine on the LAN?

What does DROP mean?
It's difficult to know for sure as we don't know anything at all about how your network is set up.

So in the absence of such information, if I had to guess I'd say;

You've probably got some ISP provided router connected to the WAN of the Asus. And you have put the Asus in the DMZ of the ISP router.
You have turned on logging of dropped packets in the Asus' firewall.
So what you're seeing in just the normal port scanning/hacking attempts from the internet.

"What does DROP mean?" It means that these unsolicited incoming packets are being thrown way by your router's firewall. This is a good thing, it means the firewall is doing its job.
Right. Why didn't I see that? It didn't occur to me that DROP meant dropped :). I finally saw one or two ACCEPTED in the long list, then it occurred to me.

Yes, now it is looking like the firewall is doing its thing. Thanks, Colin.

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!