On Monday 02 March 2009, Matthew Flaschen wrote:
>Gene Heskett wrote:
>>> I think it's something like:
>>> :hostname, isequal, "router"
>>>
>>> *.* /var/log/DD_WRT_router.log
>>
>> I tried that, and it duplicated the host machine's log to the target. :)
>
>Can you clarify? You put it as three lines like that?
>
No, two lines, somewhere a blank got added that wasn't there when it left here.

>> So I'm now trying:
>> :msg, contains, "router" /var/log/dd-wrt/router.log
>
>Counter-intuitively (but seemingly confirmed by some quick testing), I
>don't think hostname is part of the message. I have another idea that
>DID appear to work (obviously I tested with my own hostname), though it
>didn't log as much as I expected ...</ominous>:
>:HOSTNAME, isequal, "router" /var/log/dd-wrt/router.log

I have that in there now. But even disabled the router is silent at the moment. Here is a sample of what one of its messages looks like as I rebooted it:

Mar 2 19:41:12 router syslog: syslogd : syslog daemon successfully stopped
Mar 2 19:41:12 router kernel: klogd started: BusyBox v1.11.1 (2008-07-26 11:32:32 CEST)
Mar 2 19:41:12 router syslog: klogd : klog daemon successfully started

Note the 'router' identifier.

>All one line, capitalized HOSTNAME. Also, just to be safe make sure
>/var/log/dd-wrt/router.log already exists with the same permissions
>(user/group/mode) as /var/log/messages before you restart rsyslogd.

I did.
>
>> If I put it on two lines, it fussed on the restart because there was a
>> line without an action.
>
>Right, my mistake.
>
>> Is it an absolute requirement? If not, how to stop it?
>
>You /might/ be able to disable it if you hard-coded the MAC address of
>every machine (including routers, firewalls, etc.) on your LAN.
>However, I highly advise against attempting this.

Yeah, but it's only this machine I'm seeing, and there are 2 other Ubuntu machines on this network that don't do that.
And it just keeps hammering away, probably 90% of the local traffic here, and that is counting fetchmail checking 3 servers at 90 second intervals. I have attached a 60 second tcpdump -i eth0 -nn capture. This cannot be right.

>Matt Flaschen

Thanks Matt

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
I have seen these EGG EXTENDERS in my Supermarket ... I have read the
INSTRUCTIONS ...
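
Added example, not part of the original message: a simplified Python model of the two filters tried in the thread, run over the three router lines quoted above. The regex, the function names and the line from a host called `desktop` are constructed for illustration; this is not rsyslog's own parser.

```python
import re

# Traditional syslog file line: "Mmm d hh:mm:ss HOSTNAME TAG: MSG".
# Simplified model (an assumption), enough for the lines in this thread.
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<syslogtag>[^:\s]+:)"
    r"(?P<msg>.*)$"
)

def parse(line):
    """Split one log line into the properties a filter can test."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a traditional syslog line: %r" % line)
    return m.groupdict()

def matches(record, prop, op, value):
    """Evaluate one ':property, operation, "value"' style test."""
    field = record[prop.lower()]  # model only: property name lower-cased
    if op == "isequal":
        return field == value
    if op == "contains":
        return value in field
    raise ValueError("unsupported compare operation: " + op)

def route(lines, prop, op, value):
    """Return the lines the filter would send to its action."""
    return [l for l in lines if matches(parse(l), prop, op, value)]

# The three lines quoted in the message.
ROUTER_LINES = [
    "Mar 2 19:41:12 router syslog: syslogd : syslog daemon successfully stopped",
    "Mar 2 19:41:12 router kernel: klogd started: BusyBox v1.11.1 (2008-07-26 11:32:32 CEST)",
    "Mar 2 19:41:12 router syslog: klogd : klog daemon successfully started",
]
# Constructed line: a different host whose message text mentions "router".
LOCAL_LINE = "Mar 2 19:41:15 desktop dhclient: bound to router 192.168.71.1"
ALL_LINES = ROUTER_LINES + [LOCAL_LINE]

if __name__ == "__main__":
    for spec in (("msg", "contains", "router"),
                 ("HOSTNAME", "isequal", "router")):
        print(spec, "->", len(route(ALL_LINES, *spec)), "line(s)")
```

In this model the `msg` test misses every router line and instead catches the unrelated `desktop` line, while the `hostname` test selects exactly the three router lines.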