What do these syslogs mean?

[homer33]

log entry:

Feb 8 09:16:46 kernel: ACCEPT <4>ACCEPT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:32:94:41:08:00 <1>SRC=142.254.224.25 DST=255.255.255.255 <1>LEN=365 TOS=0x00 PREC=0x00 TTL=64 ID=17368 PROTO=UDP <1>SPT=67 DPT=68 LEN=345

So, my question is about this log entry. The part that has me stumped is the "OUT=" part? This seems to be a log entry for traffic from the cable modem to my router via broadcasts, ff:ff:... ? The last part of the mac is 01:5c:32:... and doesn't make sense. It is seven hex numbers long.? The source ip is the ISP server I think, and the DST ip is just a broadcast to all hosts. Is this correct? Thank you for the help.

 

[RMerlin]

log entry:

Feb 8 09:16:46 kernel: ACCEPT <4>ACCEPT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:32:94:41:08:00 <1>SRC=142.254.224.25 DST=255.255.255.255 <1>LEN=365 TOS=0x00 PREC=0x00 TTL=64 ID=17368 PROTO=UDP <1>SPT=67 DPT=68 LEN=345

So, my question is about this log entry. The part that has me stumped is the "OUT=" part? This seems to be a log entry for traffic from the cable modem to my router via broadcasts, ff:ff:... ? The last part of the mac is 01:5c:32:... and doesn't make sense. It is seven hex numbers long.? The source ip is the ISP server I think, and the DST ip is just a broadcast to all hosts. Is this correct? Thank you for the help.

This is a DHCP packet. It was sent as a broadcast to your router from your ISP.

 

[homer33]

Is this normal traffic?

ok, but is it normal to get 20 to 30 packets a minute like this?

 

[RMerlin]

ok, but is it normal to get 20 to 30 packets a minute like this?

Some ISP's DHCP server just behave oddly. <shrug>

I have some frequent log spam in our Shorewall router/firewall/loadbalancer at work too, syslog frequently flooded by DHCP related messages coming from one of our two ISPs.