[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Logcheck/cron question

Subject: [cobalt-users] Logcheck/cron question
From: "Andy Clyde, oxfordmusic.net" <andy.clyde@xxxxxxxxxxxxxxx>
Date: Wed Jun 19 01:41:00 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

ok newbie question. this might be slightly off-topic but if someone could
answer/direct me to an answer i'd be grateful. i have searched web/archives
and tried almost everything i can think of but to no avail.

i'm getting these entries every 8 seconds in my log emails:
Jun 18 04:27:37 ns portsentry[1253]: attackalert: UDP scan from host:
xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx to UDP port: 68
Jun 18 04:27:37 ns portsentry[1253]: attackalert: Host:
xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx is already blocked Ignoring

the IP address is in the block owned by my co-locator. i've contacted them
and they say it's nothing to do with them (it's a bootp client apparently).
i want to rid my logs of these entries since they are swamping it. i've
tried adding various combinations to logcheck.ignore and
logcheck.violations.ignore but they're still appearing. can anyone help me?

many thanks

andy

Prev by Date: RE: [cobalt-users] RaQ4-All-Security-2.0.1-13323.pkg update
Next by Date: [cobalt-users] RE: [OT] RaQ4-All-Security-2.0.1-13323.pkg update - Sorry
Previous by thread: Re: [cobalt-users] RaQ4-All-Security-2.0.1-13323.pkg update
Next by thread: RE: [cobalt-users] Logcheck/cron question

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index