Unnecessary DNS syslog messages

I'm seeing logs for rule 60011 which are overflowing my syslog server. These logs originate from one subnet to another internal subnet for my internal DNS server. Is there a way to disable these logs specifically or turn off rule 60011? See https://www.sophos.com/en-us/support/knowledgebase/115029.aspx for what rule 60011 is.

Here's a look at some of the logs:
Apr 27 17:38:53  2015: 04:27-17:38:53  ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="67" tos="0x00" prec="0x00" ttl="64" srcport="50238" dstport="53"
Apr 27 17:38:53  2015: 04:27-17:38:53  ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="67" tos="0x00" prec="0x00" ttl="64" srcport="36427" dstport="53"
Apr 27 17:38:57  2015: 04:27-17:38:57  ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="56" tos="0x00" prec="0x00" ttl="64" srcport="59690" dstport="53"
Apr 27 17:39:01  2015: 04:27-17:39:01  ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="72" tos="0x00" prec="0x00" ttl="64" srcport="49798" dstport="53"
Apr 27 17:39:01  2015: 04:27-17:39:01  ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="72" tos="0x00" prec="0x00" ttl="64" srcport="49798" dstport="53"
Apr 27 17:39:02  2015: 04:27-17:39:02  ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.100" srcmac="f4:6d:04:ef:e0:8e" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.4" dstip="10.0.1.1" proto="17" length="74" tos="0x00" prec="0x00" ttl="64" srcport="46934" dstport="53"


  • Got one UTM with the same problem. Can't find this setting in the web GUI.

    Pls help me find it :-)

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...
