ASL's log is too more and occupy too more CPU resource.How can i stop log.I have configured rule: ANY ANY ANY DROP, why still has log entry into logfile.I don't understand.
I use some attack tool to test ASL,ASL's rule is general configuration.ASL is crashed. The CPU utilization is 100%. My question is :
1. How much concurrent connections can ASL support?
2.I must let ASL to work normally in network environment filled attack, I should how to do?
3.I should how to understand log information, according to log information, I can know why ASL log it and it belong to which attack type. I should how to block it.such as:
2003-Dec 23 04:01:12 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:02:55:b7:6a:9b:00:02:55:b7:ac:4b:08:00 SRC=192.168.0.252 DST=192.168.0.254 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=56696 DF PROTO=UDP SPT=32774 DPT=53 LEN=30
Sep 20 00:00:57 host kernel: ICMP Drop: IN=eth0 OUT=eth1 SRC=192.168.0.4 DST=192.167.122.137 LEN=92 TOS=0x00 PREC=0x00 TTL=127 ID=57665 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=24756
2003-Dec 20 13:17:25 (none) kernel: TCP Drop: IN= OUT=eth0 SRC=192.168.0.254 DST=192.168.0.111 LEN=1194 TOS=0x00 PREC=0x00 TTL=64 ID=586 DF PROTO=TCP SPT=8080 DPT=3062 WINDOW=6432 RES=0x00 ACK PSH URGP=0
4.what is the highest performance of ASL on hardware platform ASL supported? Now i use IBM305.
5.My WAN speed is pure 100M, I should config which CPU and how much memory?
Pls you help me. thanks a lot!
This thread was automatically locked due to age.
