How to parse system log?

Justinh

I just updated my RT-68P to FW 3.0.0.4.384_45149, and I poked around the UI afterwards. I noticed in the system log that most of the IPs were Russian or Chinese(!). But, I'm not sure how to interpret all of the info for a given entry. Can someone explain the pieces to me?

E.g.: Jan 3 17:57:31 kernel: DROP IN=vlan2 OUT= MAC=1c:87:2c:48:d9:b9:84:61:a0:63:a5:20:08:00:45:00:00:28 SRC=185.176.27.166 DST=192.168.20.253 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=63509 PROTO=TCP SPT=40137 DPT=3518 SEQ=3560613561 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

1) What does "DROP IN=vlan2" mean?
2) How can the MAC address be 18 octets long? The normal first six match my LAN MAC.
3) Anything worth noting about the rest of the pieces?

How can I tell what device on my LAN is generating or supposed to receive this traffic?

Justin
 
Google is your friend.

1) Incoming traffic on your WAN interface.
2) Destination MAC, source MAC, frame type.
3) Not really.

Investigate the device at 192.168.20.253 (is that your router's WAN IP address?). See if it is running anything on port 3518.
 
How can I know what the router is running on that port (or any port, for that matter)? Port 3518 is supposed to be used for "Artifact Message Server" messages.

Yes, 192.168.20.253 is my router WAN IP.

Since these are incoming packets, where is this traffic supposed to be going beyond the WAN interface, to what machine on the LAN?

What does DROP mean?
 
It's difficult to know for sure as we don't know anything at all about how your network is set up.

So in the absence of such information, if I had to guess I'd say:

You've probably got some ISP provided router connected to the WAN of the Asus. And you have put the Asus in the DMZ of the ISP router.
You have turned on logging of dropped packets in the Asus' firewall.
So what you're seeing is just the normal port scanning/hacking attempts from the internet.

"What does DROP mean?" It means that these unsolicited incoming packets are being thrown away by your router's firewall. This is a good thing, it means the firewall is doing its job.
 
Right. Why didn't I see that? It didn't occur to me that DROP meant dropped :). I finally saw one or two ACCEPTED in the long list, then it occurred to me.

Yes, now it is looking like the firewall is doing its thing. Thanks, Colin.
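
Added example, not part of any post in this thread: a small Python parser for the firewall log line quoted in the question. It splits the MAC= field in the order given in the reply above (destination MAC, source MAC, frame type) and keeps any trailing bytes raw. The function names split_mac and parse_line are hypothetical.

```python
import re

# Log line quoted in the thread above.
SAMPLE = ("Jan 3 17:57:31 kernel: DROP IN=vlan2 OUT= "
          "MAC=1c:87:2c:48:d9:b9:84:61:a0:63:a5:20:08:00:45:00:00:28 "
          "SRC=185.176.27.166 DST=192.168.20.253 LEN=40 TOS=0x00 PREC=0x00 "
          "TTL=235 ID=63509 PROTO=TCP SPT=40137 DPT=3518 SEQ=3560613561 "
          "ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0")

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
ETHERTYPES = {"08:00": "IPv4", "86:dd": "IPv6", "08:06": "ARP"}


def split_mac(field):
    """Split the MAC= field: 6 bytes destination, 6 source, 2 EtherType."""
    octets = field.lower().split(":")
    if len(octets) < 14:
        return None  # truncated or empty (e.g. locally generated traffic)
    ethertype = ":".join(octets[12:14])
    return {
        "dst_mac": ":".join(octets[0:6]),
        "src_mac": ":".join(octets[6:12]),
        "ethertype": ETHERTYPES.get(ethertype, ethertype),
        # Anything past byte 14 is kept raw. In the sample it is 45:00:00:28,
        # which reads like the start of the IPv4 header (0x0028 = 40 = LEN).
        "extra": ":".join(octets[14:]),
    }


def parse_line(line):
    """Parse one firewall log line into a dict; None if it is not one."""
    m = re.match(r"(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+kernel:\s+"
                 r"(?P<action>[A-Z]+)\s+(?P<rest>IN=.*)$", line.strip())
    if not m:
        return None
    rec = {"timestamp": m["ts"], "action": m["action"], "flags": []}
    for token in m["rest"].split():
        if "=" in token:
            key, value = token.split("=", 1)
            rec[key] = value            # OUT= yields an empty string
        elif token in TCP_FLAGS:
            rec["flags"].append(token)  # bare tokens such as SYN
    rec["mac"] = split_mac(rec.get("MAC", ""))
    return rec


if __name__ == "__main__":
    for key, value in parse_line(SAMPLE).items():
        print(f"{key:10} {value}")
```

An entry with a non-empty IN= and an empty OUT= is a packet addressed to the router itself, which is why no LAN device shows up in it.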
 
