Topic: /var/log/messages

[David L]

My recent upgrade to 4.1 has been brought to it's knees by a 300MB /var/log/messages file consisting mostly of Packet log:  denylog DENY eth0 PROTO=17 xxx.xxx.xxx.xxx:137 etc. messages.  It's spending all of it's time on disk access, not serving any web pages.
Did a clean install on a different machine and the same thing was starting to happen.  NTP is disabled.  The only thing the two have in common are realtek ethernet drivers.  Is this what the problem is?

Thanks for the help.

[Charlie Brady]

David L wrote:

> My recent upgrade to 4.1 has been brought to it's knees by a
> 300MB /var/log/messages file consisting mostly of Packet
> log:  denylog DENY eth0 PROTO=17 xxx.xxx.xxx.xxx:137 etc.
> messages.  It's spending all of it's time on disk access, not
> serving any web pages.
> Did a clean install on a different machine and the same thing
> was starting to happen.  NTP is disabled.  The only thing the
> two have in common are realtek ethernet drivers.  Is this
> what the problem is?

No, the problem is a combination of the new packet filter, and a large number of netbios name requests on your external interface. The external interface is normally connected to the Internet, and there shouldn't be a lot of computers hitting your server with such requests. Perhaps your external interface is instead connected to a network of Windows computers.

Ask again on this forum if you want some pointers on how to block these packets without logging them.

Charlie

[David L]

Yes I would like these pointers.  My system is on a cablemodem on which you can browse the network neighborhood and see other peoples workgroups and computers which would explain the traffic.

[Darrell May]

I asked this same question on devinfo and have posted the answer Charlie provided on my web site at:

http://netsourced.com/e-smith/howto-stop-logging.html

Regards,

Darrell

[David L]

Thanks Darrell.  I appreciate it.