Navigation

steveomach3ww · #1 25th January 2007, 15:36

I am in need of some help. I loged into my server last night and noticed that i had used over 20gig in logs and when i went in there i found that the bandwidth is recording to the bandwidth log, kern.log, and syslog how do i stop so i dont have it checking the bandwidth.
Thank You

falko · #2 26th January 2007, 17:09

What exactly gets logged?

steveomach3ww · #3 26th January 2007, 21:56

It looks like all of the bandwidt and it is writing it to these 3 logs. Debug, kern, and syslog

here is a little peice of it.

Jan 26 14:55:02 fireviper kernel: [43553489.560000] BANDWIDTH_IN:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:15:fa:c9:83:e6:08:00 SRC=24.86.116.72 DST=12.169.23.22 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=51646 DF PROTO=TCP SPT=2352 DPT=19710 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.570000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=151.46.238.126 DST=192.168.2.60 LEN=57 TOS=0x00 PREC=0x00 TTL=112 ID=17817 DF PROTO=TCP SPT=57143 DPT=4545 WINDOW=17520 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.600000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=62.31.204.252 DST=192.168.2.206 LEN=1500 TOS=0x00 PREC=0x00 TTL=107 ID=6695 DF PROTO=TCP SPT=17797 DPT=4167 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.610000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=62.31.204.252 DST=192.168.2.206 LEN=628 TOS=0x00 PREC=0x00 TTL=107 ID=6696 DF PROTO=TCP SPT=17797 DPT=4167 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.610000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.206 DST=62.31.204.252 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=34789 DF PROTO=TCP SPT=4167 DPT=17797 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.660000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=87.90.196.15 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=48353 DF PROTO=TCP SPT=39801 DPT=4769 WINDOW=0 RES=0x00 ACK RST URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.660000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=89.0.176.246 DST=192.168.2.60 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=59656 DF PROTO=TCP SPT=59425 DPT=4685 WINDOW=64843 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.660000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=89.0.176.246 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=29188 DF PROTO=TCP SPT=4685 DPT=59425 WINDOW=65050 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.670000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=201.143.0.95 LEN=1492 TOS=0x00 PREC=0x00 TTL=127 ID=29189 DF PROTO=TCP SPT=4548 DPT=12438 WINDOW=65011 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.670000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=201.143.0.95 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29190 DF PROTO=TCP SPT=4548 DPT=12438 WINDOW=65011 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.700000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=151.46.238.126 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=29191 DF PROTO=TCP SPT=4545 DPT=57143 WINDOW=64810 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.750000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=83.213.33.205 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=13514 DF PROTO=TCP SPT=61492 DPT=4620 WINDOW=20888 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.800000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=74.193.11.116 LEN=108 TOS=0x00 PREC=0x00 TTL=127 ID=29192 DF PROTO=TCP SPT=4770 DPT=50278 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.870000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=151.46.238.126 LEN=1500 TOS=0x00 PREC=0x00 TTL=127 ID=29193 DF PROTO=TCP SPT=4545 DPT=57143 WINDOW=64810 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.870000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=83.213.33.205 LEN=1492 TOS=0x00 PREC=0x00 TTL=127 ID=29194 DF PROTO=TCP SPT=4620 DPT=61492 WINDOW=64172 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.870000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=83.213.33.205 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29195 DF PROTO=TCP SPT=4620 DPT=61492 WINDOW=64172 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.870000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=151.46.238.126 LEN=1500 TOS=0x00 PREC=0x00 TTL=127 ID=29196 DF PROTO=TCP SPT=4545 DPT=57143 WINDOW=64810 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.930000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=74.193.11.116 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=53777 DF PROTO=TCP SPT=50278 DPT=4770 WINDOW=65467 RES=0x00 ACK FIN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.930000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=74.193.11.116 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=29197 DF PROTO=TCP SPT=4770 DPT=50278 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.930000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=74.193.11.116 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=29198 DF PROTO=TCP SPT=4770 DPT=50278 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.990000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=201.143.0.95 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x20 TTL=114 ID=50031 DF PROTO=TCP SPT=12438 DPT=4548 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.020000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.206 DST=151.205.169.192 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=34790 DF PROTO=TCP SPT=4433 DPT=55206 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=151.37.235.253 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29199 DF PROTO=TCP SPT=4773 DPT=6881 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=200.66.9.132 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29200 DF PROTO=TCP SPT=4774 DPT=6881 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=81.199.68.29 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29201 DF PROTO=TCP SPT=4775 DPT=51136 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=86.124.27.71 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29202 DF PROTO=TCP SPT=4779 DPT=17885 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=84.251.235.122 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29203 DF PROTO=TCP SPT=4780 DPT=54001 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.060000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=74.193.11.116 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=53782 DF PROTO=TCP SPT=50278 DPT=4770 WINDOW=65467 RES=0x00 ACK URGP=0

martinfst · #4 26th January 2007, 22:11

The log messages come from your firewall, which is doing it job apparently to stop an overload of data to your network cards. What does seem to be strange is you have excessive traffic on both your interfaces, from eth0 to eth1, from external to (mostly) internal addresses.

Could you router have gone "mad"? Or routes are changed recently somewhere (unintentionally)?

steveomach3ww · #5 27th January 2007, 04:54

the reason for so much traffic is beacuse of using bittorrent which i am downloading and people are uploading from me and another guy. i just want to stop it from logging all of this or change the size of log files before they rotate.

martinfst · #6 27th January 2007, 12:17

Are you using logrotate? If yes, there's a 'size' option, which will rotate logs based on size. Shameless copy from the man logrotate page:

Code:

 "/var/log/httpd/access.log" /var/log/httpd/error.log {
           rotate 5
           mail www@my.org
           size 100k
           sharedscripts
           postrotate
               /usr/bin/killall -HUP httpd
           endscript
       }

Apply the 'size' directive to the logfiles you want rotated sooner will probably help.

steveomach3ww · #7 28th January 2007, 21:52

Yes i am using logrotate and will use that peice of code but is there a way to stop having the bandwidth being logged in to the 3 different log files meaing the debug file, syslog file, and kernal file. Thank You

Navigation

Facebook

News

Recent comments

Newsletter