I'm seeing logs for rule 60011 which is overflowing my syslog server. These logs originate from one subnet to another internal subnet for my internal DNS server. Is there a way to disable these logs specifically or turn off rule 60011? See https://www.sophos.com/en-us/support/knowledgebase/115029.aspx for what rule 60011 is.
Here's a look at some of the logs:
Apr 27 17:38:53 2015: 04:27-17:38:53 ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="67" tos="0x00" prec="0x00" ttl="64" srcport="50238" dstport="53"
Apr 27 17:38:53 2015: 04:27-17:38:53 ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="67" tos="0x00" prec="0x00" ttl="64" srcport="36427" dstport="53"
Apr 27 17:38:57 2015: 04:27-17:38:57 ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="56" tos="0x00" prec="0x00" ttl="64" srcport="59690" dstport="53"
Apr 27 17:39:01 2015: 04:27-17:39:01 ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="72" tos="0x00" prec="0x00" ttl="64" srcport="49798" dstport="53"
Apr 27 17:39:01 2015: 04:27-17:39:01 ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.200" srcmac="00:0c:29:86:4a:dd" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.196" dstip="10.0.1.4" proto="17" length="72" tos="0x00" prec="0x00" ttl="64" srcport="49798" dstport="53"
Apr 27 17:39:02 2015: 04:27-17:39:02 ulogd[9028]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth1.100" srcmac="f4:6d:04:ef:e0:8e" dstmac="00:30:18:c3:aa:50" srcip="10.0.1.4" dstip="10.0.1.1" proto="17" length="74" tos="0x00" prec="0x00" ttl="64" srcport="46934" dstport="53"