From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2.1) Gecko/20010901

Description of problem:
I recently switched from ipchains to iptables. I've been trying to fix this for days and days. Every day around 2am Logwatch sends a message to my user account with irregularities that it can find. For some odd reason the boot.log and the netfilter log appear to have merged themselves as one. I used to receive the netfilter log in a clean and understandable manner [ please take a look -> http://home.earthlink.net/~btcal/shouldbe.html ]. But now with ip_tables the log sent by logwatch is all mangled.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Receive mail from logwatch

Actual Results:

################## LogWatch 2.1.1 Begin #####################

Expected Results:

---------------------- Kernel Begin -------------------------

Denied packets from 169.254.211.197.
   Port netbios-ns (udp,ppp0,input): 3 packet(s).
   Total of 3 packet(s).

Denied packets from proxyscan.openprojects.net (66.140.25.157).
   Port squid (tcp,ppp0,input): 40 packet(s).
   Port telnet (tcp,ppp0,input): 40 packet(s).
   Port socks (tcp,ppp0,input): 80 packet(s).
   Port http (tcp,ppp0,input): 39 packet(s).
   Port webcache (tcp,ppp0,input): 40 packet(s).
   Total of 239 packet(s).

Denied packets from AC988733.ipt.aol.com (172.152.135.51).
   Port 1214 (tcp,ppp0,input): 16 packet(s).
   Total of 16 packet(s).

---------------------- Kernel End -------------------------

Additional info:
I want to point out that I'm using the bugzilla database as a last resort. Not many people that I know use logwatch. I've tried joining the mailing list for logwatch at kaybee.org --> no reply.

Created attachment 48604: Message from logwatch