
rv042 any too many security_notifications

jpblcm001
Level 1

Hello, 

I have an RV042 and, on the LAN, a RW110. I receive too many security_notifications with numerous lines like this one:

May 10 12:26:59 2016 MYROUTER-NAME kernel: #warn<4> ACCESS_RULE: IN=eth1 OUT=eth0 SRC=192.168.0.40 DST=192.168.1.200 LEN=64 TOS=0x00 PREC=0x00 TTL=61 ID=51875 DF PROTO=TCP SPT=55321 DPT=3283 WINDOW=65535 RES=0x00 SYN URGP=0

The SRC IP is an IP on the distant LAN connected via VPN (a Mac running OS X 10.9).

The DST IP is the RW110 IP.

I receive many notifications (1 or 2 and more per second); the log mail is full every 10 seconds.

Any help appreciated, I'm a bit lost...

Thank you very much.


Seb Rupik
VIP Alumni

Hi there,

You need to change the logging level on your router. The RV042 doesn't seem to have a concept of logging level (I was going to suggest setting it to error).

The log message appears to be describing an 'Allowed Policy' as it does not look like it is blocking the conversation.  This can be configured under 'Log -> System Log':

http://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf

...page 155

Which of your 'Log setting' check boxes are ticked?

cheers,

Seb.

Hello Seb,

My log settings are "simple": system error message, unauthorized login attempt and configuration changes.

The thing is that I have more than 80 Macs (cloned install, so 100% identical except for the IP, of course) on each LAN (many other RWs too) and only 3 of them make my logs crazy.

Thank you again for your answer

Odd, I wouldn't have thought that the log message falls under any of those categories. Have you tried unchecking all the log setting checkboxes and seeing if the messages still persist?

I did. I'll post the next thing when it appears.

I saw in the "incoming log table" plenty of:

Apr 19 13:13:32 2016 Kernel ipt_tcpmss_target: bad length (298 bytes)

The thing that bothers me is the "why": only a few pieces of equipment cause those errors. I also have some disconnections (AFP, FileMaker...), just like an invisible freeze with no log entries...

Thanks

Nothing changed... the mail is still full of logs.
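
Added example, not part of the original thread and not Cisco code: a small Python parser for the ACCESS_RULE lines quoted above that tallies which source/destination/port combinations fill the log and how many entries arrive per second. The first sample line is the one posted in the thread; the others are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# First line is the entry quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
May 10 12:26:59 2016 MYROUTER-NAME kernel: #warn<4> ACCESS_RULE: IN=eth1 OUT=eth0 SRC=192.168.0.40 DST=192.168.1.200 LEN=64 TOS=0x00 PREC=0x00 TTL=61 ID=51875 DF PROTO=TCP SPT=55321 DPT=3283 WINDOW=65535 RES=0x00 SYN URGP=0
May 10 12:26:59 2016 MYROUTER-NAME kernel: #warn<4> ACCESS_RULE: IN=eth1 OUT=eth0 SRC=192.168.0.40 DST=192.168.1.200 LEN=64 TOS=0x00 PREC=0x00 TTL=61 ID=51876 DF PROTO=TCP SPT=55322 DPT=3283 WINDOW=65535 RES=0x00 SYN URGP=0
May 10 12:27:00 2016 MYROUTER-NAME kernel: #warn<4> ACCESS_RULE: IN=eth1 OUT=eth0 SRC=192.168.0.41 DST=192.168.1.200 LEN=64 TOS=0x00 PREC=0x00 TTL=61 ID=40112 DF PROTO=TCP SPT=49810 DPT=3283 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 19 13:13:32 2016 Kernel ipt_tcpmss_target: bad length (298 bytes)
May 10 12:27:00 2016 MYROUTER-NAME kernel: #warn<4> ACCESS_RULE: IN=eth1 OUT=eth0 SRC=192.168.0.40 DST=192.168.1.200 LEN=64 TOS=0x00 PREC=0x00 TTL=61 ID=51877 DF PROTO=TCP SPT=55323 DPT=3283 WINDOW=65535 RES=0x00 SYN URGP=0
"""

KEY_VALUE = re.compile(r"\b([A-Z]+)=(\S*)")   # \S* tolerates an empty value such as "OUT="
BARE_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}


def parse_line(line):
    """Return the fields of one ACCESS_RULE entry, or None for any other line."""
    if "ACCESS_RULE:" not in line:
        return None
    head, body = line.split("ACCESS_RULE:", 1)
    fields = dict(KEY_VALUE.findall(body))
    # Flags appear as bare tokens without "=", so collect them separately.
    fields["FLAGS"] = sorted(tok for tok in body.split() if tok in BARE_FLAGS)
    fields["TIMESTAMP"] = " ".join(head.split()[:4])   # e.g. "May 10 12:26:59 2016"
    return fields


def parsed(text):
    """Yield parsed ACCESS_RULE entries, skipping unrelated kernel messages."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def top_talkers(text, n=5):
    """Most frequent (SRC, DST, PROTO, DPT) tuples, with their entry counts."""
    keys = ("SRC", "DST", "PROTO", "DPT")
    return Counter(tuple(r.get(k) for k in keys) for r in parsed(text)).most_common(n)


def peak_per_second(text):
    """Highest number of ACCESS_RULE entries sharing one timestamp."""
    per_second = Counter(r["TIMESTAMP"] for r in parsed(text))
    return max(per_second.values(), default=0)


if __name__ == "__main__":
    for flow, count in top_talkers(SAMPLE_LOG):
        print(count, flow)
    print("peak entries per second:", peak_per_second(SAMPLE_LOG))
```

Run against the full emailed log, the tally shows whether the noise comes from a handful of hosts hitting one destination port, which narrows what to check on those machines.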
