Hi everyone,
Here is the situation: we have a log server that does nothing but receive logs sent in by external devices and analyze/process them.
But this time, after one platform sent its logs, the log messages started showing up on the terminal screen. Over SSH it is nothing but alerts, and there is no way to type a command.
I searched online for the "Message from syslog" problem; some say it is a module issue:
[root@localhost ~]# /etc/init.d/syslog stop // first stop syslog:
[root@localhost init.d]# lsmod | grep edac
i3200_edac 9545 0
edac_mc 26513 1 i3200_edac
[root@localhost init.d]# rmmod i3200_edac
[root@localhost init.d]# rmmod edac_mc
[root@localhost ~]# /etc/init.d/syslog start // then start syslog again:
After unloading the two modules i3200_edac and edac_mc, the alerts stop.
Cause: the external USB optical drive was unplugged before boot.
But when I run [root@localhost init.d]# lsmod | grep edac on our server, those two modules are not there at all.
I searched this forum as well; everyone says it is a kernel problem, but there is no mention of "kernel" anywhere in the log.
So I would like to ask whether anyone has run into something similar, or could give me some pointers and suggest a few fixes. It is fairly urgent.
Thanks!
Below is part of the log that was printed to the screen.
Message from syslogd@ at Tue Jun 25 14:37:57 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium P2P: TeamViewer Traffic Detected 12 Blocked Outbound CC3000 10.207.40.99 N/A 10.191.113.100 N/A PolicyViolation
Message from syslogd@ at Tue Jun 25 14:37:58 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium HTTP: Adobe Flash Player Core Memory Corruption VII 1 May be successful Inbound TL3050 10.191.112.45 80 10.200.24.174 2789 Exploit
Message from syslogd@ at Tue Jun 25 14:37:59 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium TCP: SYN Host Sweep 1 Suspicious Inbound JY3000 10.207.125.2 0 N/A 445 Reconnaissance
Message from syslogd@ at Tue Jun 25 14:37:59 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium ARP: ARP Spoofing Detected 1 Suspicious Outbound JY3000 0.0.0.0 0 192.168.0.120 0 PolicyViolation
Message from syslogd@ at Tue Jun 25 14:38:03 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium ARP: ARP Spoofing Detected 1 Suspicious Outbound JY3000 0.0.0.0 0 192.168.0.120 0 PolicyViolation
Message from syslogd@ at Tue Jun 25 14:38:03 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium HTTP: IE NULL Character Evasion 1 May be successful Outbound TL3050 10.191.48.19 N/A 10.191.113.103 N/A Exploit
Message from syslogd@ at Tue Jun 25 14:38:03 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium HTTP: IE NULL Character Evasion 4 May be successful Outbound TL3050 10.191.48.19 N/A 10.191.113.104 N/A Exploit
Message from syslogd@ at Tue Jun 25 14:38:05 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium Kerberos: Kerberos Login Bruteforce Detected 1 Suspicious Outbound JY3000 10.200.0.22 88 10.138.5.95 0 Reconnaissance
Message from syslogd@ at Tue Jun 25 14:38:05 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium IP: source equals destination 12 May be successful Inbound JY3000 10.200.0.241 N/A 10.200.0.241 N/A Exploit
Message from syslogd@ at Tue Jun 25 14:38:06 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium TCP: SYN Host Sweep 1 Suspicious Outbound JY3000 10.200.22.88 0 N/A 445 Reconnaissance
Message from syslogd@ at Tue Jun 25 14:38:07 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium P2P: Skype Logon Process Detected 1 Blocked Outbound TL3050-2 10.191.113.100 48461 91.190.218.59 443 PolicyViolation
Message from syslogd@ at Tue Jun 25 14:38:07 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium UDP: Port Scan 1 Suspicious Inbound CC3000 10.193.16.106 53 10.207.40.102 N/A Reconnaissance
Message from syslogd@ at Tue Jun 25 14:38:08 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium TCP: SYN Host Sweep 1 Suspicious Outbound TL3050-2 10.191.113.100 0 N/A 80 Reconnaissance
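The "Message from syslogd@ ... " blocks on the screen are syslogd writing messages to every logged-in terminal, which it does for messages it receives at emergency priority; the alert line under each header is the IPS event itself. As an added example (not code from the poster or from the IPS vendor), the following Python parses those SyslogAlertForwarder lines into structured records, pairing each with its wall-header timestamp, and summarizes them by category so the log server can process them instead of a human reading them off the console; the sample text is constructed from three of the lines above and the field names are my own assumptions about the format.

```python
import re
from collections import Counter

# Constructed sample: three wall-header/alert pairs in the same shape as the screen dump above.
SAMPLE = """\
Message from syslogd@ at Tue Jun 25 14:37:57 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium P2P: TeamViewer Traffic Detected 12 Blocked Outbound CC3000 10.207.40.99 N/A 10.191.113.100 N/A PolicyViolation
Message from syslogd@ at Tue Jun 25 14:37:58 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium HTTP: Adobe Flash Player Core Memory Corruption VII 1 May be successful Inbound TL3050 10.191.112.45 80 10.200.24.174 2789 Exploit
Message from syslogd@ at Tue Jun 25 14:37:59 2013 ...
10.193.16.205 SyslogAlertForwarder: Medium TCP: SYN Host Sweep 1 Suspicious Inbound JY3000 10.207.125.2 0 N/A 445 Reconnaissance
"""

# Wall header written by syslogd; the host part is empty in the dump above.
WALL_HDR = re.compile(r"^Message from syslogd@(?P<host>\S*) at (?P<when>.+?) \.\.\.$")

# Alert line. The attack name and the result ("May be successful") contain spaces, so both are
# matched non-greedily and anchored by the numeric count and the Inbound/Outbound direction;
# the last six tokens (sensor, src ip/port, dst ip/port, category) never contain spaces.
ALERT = re.compile(
    r"^(?P<reporter>\S+) SyslogAlertForwarder: (?P<severity>\S+) (?P<proto>[^:]+): "
    r"(?P<attack>.+?) (?P<count>\d+) (?P<result>.+?) (?P<direction>Inbound|Outbound) "
    r"(?P<sensor>\S+) (?P<src_ip>\S+) (?P<src_port>\S+) (?P<dst_ip>\S+) (?P<dst_port>\S+) "
    r"(?P<category>\S+)$"
)

def parse_wall_alerts(text):
    """Pair each wall header with the alert line that follows it; skip anything else."""
    records, when = [], None
    for line in text.splitlines():
        h = WALL_HDR.match(line)
        if h:
            when = h.group("when")
            continue
        m = ALERT.match(line)
        if not m:
            continue  # other terminal noise: ignore rather than fail the whole batch
        rec = m.groupdict()
        rec["count"] = int(rec["count"])
        rec["when"] = when
        records.append(rec)
    return records

def summarize(records):
    """Alerts per IPS category, plus the hosts targeted by Exploit-category alerts."""
    by_cat = Counter(r["category"] for r in records)
    targets = {r["dst_ip"] for r in records if r["category"] == "Exploit" and r["dst_ip"] != "N/A"}
    return by_cat, sorted(targets)
```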