Question about CSF logs and records

Posted: 04 Apr 2014, 05:52
by surreal
Good Day,

This is my first time using CSF as my firewall for my VPS. I have it working now, because certain ports were closed when I enabled CSF, but I would like to know which log file I should look at if I want to see the IPs CSF has blocked, or which log file I should tail to see it working. I have it installed on a Debian system. Thanks!

Re: Question about CSF logs and records

Posted: 04 Apr 2014, 06:04
by surreal
I'm seeing lots of these in my /var/log/messages and /var/log/syslog:

Apr  4 01:00:03 gallifrey kernel: [242878.645367] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:5c:63:20:2b:08:00 SRC=192.249.63.181 DST=255.255.255.255 LEN=151 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=131
Apr  4 01:00:05 gallifrey kernel: [242881.094706] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:5c:f3:2d:72:08:00 SRC=192.184.91.16 DST=255.255.255.255 LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=5678 DPT=5678 LEN=97
Apr  4 01:00:06 gallifrey kernel: [242882.508608] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:5c:f3:2d:ef:08:00 SRC=23.226.224.149 DST=255.255.255.255 LEN=154 TOS=0x00 PREC=0x00 TTL=128 ID=3762 PROTO=UDP SPT=17500 DPT=17500 LEN=134
Apr  4 01:00:12 gallifrey kernel: [242887.529016] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.249.62.180 DST=78.243.109.18 LEN=86 TOS=0x00 PREC=0x00 TTL=64 ID=45675 DF PROTO=UDP SPT=51413 DPT=17617 LEN=66 UID=104 GID=106
I'm not sure if it is blocking or just normal activity.
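
An added example, not part of the original posts: a small Python parser for kernel log lines of the form shown above, which splits each `Firewall: *... Blocked*` entry into its fields and counts entries per label, source, destination, protocol and destination port. The function names and the `label`, `flags`, `direction` and `broadcast` keys are assumptions made for this example.

```python
import re
from collections import Counter

# Log prefix seen in the post, e.g. "Firewall: *UDP_IN Blocked* IN=eth0 ..."
PREFIX = re.compile(r"Firewall: \*(\w+) Blocked\* (.*)$")

# Two lines copied from the post, plus one constructed unrelated syslog line.
SAMPLE = """\
Apr  4 01:00:03 gallifrey kernel: [242878.645367] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:5c:63:20:2b:08:00 SRC=192.249.63.181 DST=255.255.255.255 LEN=151 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=131
Apr  4 01:00:12 gallifrey kernel: [242887.529016] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.249.62.180 DST=78.243.109.18 LEN=86 TOS=0x00 PREC=0x00 TTL=64 ID=45675 DF PROTO=UDP SPT=51413 DPT=17617 LEN=66 UID=104 GID=106
Apr  4 01:00:13 gallifrey cron[999]: (root) CMD (constructed non-firewall line)
"""


def parse_line(line):
    """Return a dict of fields for a 'Firewall: *... Blocked*' line, else None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"label": m.group(1), "flags": []}
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(tok)      # bare flags such as DF
        elif key not in rec:
            rec[key] = val                # keep first LEN (IP length), not the UDP one
    # An empty IN= means the packet was leaving the host.
    rec["direction"] = "in" if rec.get("IN") else "out"
    # 255.255.255.255 is the limited-broadcast address, not this host's own IP.
    rec["broadcast"] = rec.get("DST") == "255.255.255.255"
    return rec


def summarize(text):
    """Count logged packets per (label, SRC, DST, PROTO, DPT)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[tuple(rec.get(k, "") for k in ("label", "SRC", "DST", "PROTO", "DPT"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
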