Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Strange alert log message
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Hi

My filter log is filled with this message every 5-10 seconds.

[10/Jun/2010 08:46:21] DROP malformed IP packet from XXXXX Internet, proto:2, len:28, ip:0.0.0.0 -> 224.0.0.2, plen:8

The "XXXXX Internet" is the primary internet interface ...

Also i have this in the security log :

[11/Jun/2010 12:14:09] Anti-spoofing: Packet from XXXXX Internet, proto:UDP, len:209, ip/port:169.254.59.135:138 -> 169.254.255.255:138, udplen:181

This message is added about every 1-2 seconds.

How do i get rid of this as it is making the logs very difficult to read ..

Hmadsen

[Updated on: Fri, 11 June 2010 13:06]

  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
I don't know how to get rid of these messages but you can enable Highlighting to color out the described messages. This makes easy to read logs.
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
For not to log Anti-spoofing messages, you can disable Anti-Spoof logging from Advanced Options/Security Settings (On Kerio Control you can find Anti-Spoof setting under the Traffic Policy/Security Settings/Miscellaneous section).
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
KursadOlmez wrote on Fri, 11 June 2010 13:23
For not to log Anti-spoofing messages, you can disable Anti-Spoof logging from Advanced Options/Security Settings (On Kerio Control you can find Anti-Spoof setting under the Traffic Policy/Security Settings/Miscellaneous section).


This took care of the security log, thank you.

Now i just need to get rid of the other filter log message, highlighting is an option but since i get a log entry every 5-10 seconds it would be prefereable to be able to somehow deselect this kind of log entry.

It seems that it is some kind of multicast message ..

Hmadsen
  •  
Adjuster

Messages: 48

Karma: -1
Send a private message to this user
Apparently included logging packages at some of the rules.

____________________________
Excuse me for my english...
  •  
moro666

Messages: 90

Karma: 0
Send a private message to this user
for log:
10/Jun/2010 08:46:21] DROP malformed IP packet from XXXXX Internet, proto:2, len:28, ip:0.0.0.0 -> 224.0.0.2, plen:8
----------------------------------

edited ( winroute.cfg ) search for:
<variable name="LogMalformedOrUnknownPackets">1</variable>
and disabled logging by set 1 to 0

----------------------------------
But if this log happen so much, I think it's better to find the reason of it, not just stop logging it!


Mohammad Habeeb
  •  
FredNogueira

Messages: 1
Karma: 0
Send a private message to this user
I have the same problem...
[20/Apr/2012 23:48:54] DROP packet with bad format from "localhost", proto:TCP, len:1500, 192.168.xx.xx -> 192.168.xx.xx, plen:1480
The Kerio is "dropping" my AD, but until last week was ok!

Any idea what's happening?


TKS
Previous Topic: Can the Kerio Control slow down the upload?
Next Topic: Problem accessing CCTV through wan
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 11:20:41 CEST 2017

Total time taken to generate the page: 0.00460 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.