Messages log on KVM and OpenVZ

Discussion in 'System Administration' started by Meirami, Mar 19, 2018.

  1. Meirami

    What is different in the Centmin installation on KVM and OpenVZ, because different messages fill the messages log?

    KVM
    Code:
    Mar 19 12:01:47 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:85:8e:76:08:00 SRC=103.105.48.95 DST=255.255.255.255 LEN=202 TOS=0x00 PREC=0x00 TTL=64 ID=59405 DF PROTO=UDP SPT=51051 DPT=1900 LEN=182
    Mar 19 12:01:48 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:85:8e:76:08:00 SRC=103.105.48.95 DST=255.255.255.255 LEN=202 TOS=0x00 PREC=0x00 TTL=64 ID=59591 DF PROTO=UDP SPT=51051 DPT=1900 LEN=182
    Mar 19 12:01:49 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:85:8e:76:08:00 SRC=103.105.48.95 DST=255.255.255.255 LEN=202 TOS=0x00 PREC=0x00 TTL=64 ID=59818 DF PROTO=UDP SPT=51051 DPT=1900 LEN=182
    Mar 19 12:01:50 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:2a:82:ee:08:00 SRC=103.105.48.127 DST=255.255.255.255 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=33587 DPT=5678 LEN=101
    Mar 19 12:01:50 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:85:8e:76:08:00 SRC=103.105.48.95 DST=255.255.255.255 LEN=202 TOS=0x00 PREC=0x00 TTL=64 ID=59821 DF PROTO=UDP SPT=51051 DPT=1900 LEN=182
    Mar 19 12:01:53 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:f6:0a:b3:08:00 SRC=103.105.48.131 DST=255.255.255.255 LEN=186 TOS=0x00 PREC=0x00 TTL=64 ID=8208 DF PROTO=UDP SPT=17500 DPT=17500 LEN=166
    Mar 19 12:02:02 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:48:32:af:08:00 SRC=185.214.69.17 DST=255.255.255.255 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=5678 DPT=5678 LEN=101
    Mar 19 12:02:23 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:f6:0a:b3:08:00 SRC=103.105.48.131 DST=255.255.255.255 LEN=186 TOS=0x00 PREC=0x00 TTL=64 ID=11823 DF PROTO=UDP SPT=17500 DPT=17500 LEN=166
    Mar 19 12:02:32 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:36:c3:c6:08:00 SRC=185.208.170.115 DST=255.255.255.255 LEN=119 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=42547 DPT=5678 LEN=99
    Mar 19 12:02:35 ttest kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=52:54:00:f2:8d:09:0c:c4:7a:8f:6a:08:08:00 SRC=5.188.11.63 DST=185.208.170.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=43396 PROTO=TCP SPT=53502 DPT=5117 WINDOW=1024 RES=0x00 SYN URGP=0
    Mar 19 12:02:50 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:2a:82:ee:08:00 SRC=103.105.48.127 DST=255.255.255.255 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=33587 DPT=5678 LEN=101
    Mar 19 12:02:53 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:f6:0a:b3:08:00 SRC=103.105.48.131 DST=255.255.255.255 LEN=186 TOS=0x00 PREC=0x00 TTL=64 ID=12626 DF PROTO=UDP SPT=17500 DPT=17500 LEN=166
    Mar 19 12:03:02 ttest kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:48:32:af:08:00 SRC=185.214.69.17 DST=255.255.255.255 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=5678 DPT=5678 LEN=101
    
    OpenVZ
    Code:
    Mar 19 11:55:01 tiedot systemd: Starting Session 1186211 of user root.
    Mar 19 12:00:03 tiedot systemd: Started Session 1186446 of user root.
    Mar 19 12:00:03 tiedot systemd: Starting Session 1186446 of user root.
    Mar 19 12:00:03 tiedot systemd: Started Session 1186444 of user root.
    Mar 19 12:00:03 tiedot systemd: Starting Session 1186444 of user root.
    Mar 19 12:00:03 tiedot systemd: Created slice User Slice of nginx.
    Mar 19 12:00:03 tiedot systemd: Starting User Slice of nginx.
    Mar 19 12:00:03 tiedot systemd: Started Session 1186445 of user nginx.
    Mar 19 12:00:03 tiedot systemd: Starting Session 1186445 of user nginx.
    Mar 19 12:00:04 tiedot systemd: Removed slice User Slice of nginx.
    Mar 19 12:00:04 tiedot systemd: Stopping User Slice of nginx.
    Mar 19 12:01:01 tiedot systemd: Started Session 1186490 of user root.
    Mar 19 12:01:01 tiedot systemd: Starting Session 1186490 of user root.
    Mar 19 12:05:01 tiedot systemd: Started Session 1186644 of user root.
    Mar 19 12:05:01 tiedot systemd: Starting Session 1186644 of user root.
    
    How can I stop logging those messages or write them somewhere else?
    My main interest is in OpenVZ atm. :)

    ps.
    Is it safe to use stat pages like opcache.php ("from outside") without a certificate? Can someone see the password without a certificate (=https) set?
     
  2. eva2000

    How far into the messages log are you looking? Both examples are normal and you shouldn't change their location.

    Note: Centmin Mod stats pages have unique randomised suffixes added to each file, so it isn't easy to guess their locations, plus password protection.

    Generally the only time that would potentially be a concern is if you are on a public or unsecured wifi where folks can snoop on your wifi if you're not using a secure VPN connection. Using a VPN connection would help and is highly recommended for both wired and wireless connections in general. I will have to look into using HTTPS on the main hostname, but you can't do it straight up now if you use phpmyadmin.sh, as it sets the main hostname on HTTPS for just the phpmyadmin URL, so I need to rework 2 items here.
     
  3. Meirami

    Yes, those are normal, but that's why I don't want to see them. I want to see lines where there actually is useful information. Now other lines disappear between those example lines.

    Ok, I'm worried even on a wired or mobile data connection because there are lots of people saying 'do not ever write your password if there's not a green lock'. :) Using a VPN, it's not https from the VPN to my centmin vps. Of course it's a very rare situation when someone can be listening there...

    Thank you for your help again!
     
  4. eva2000

    Learn how to use grep/egrep to filter logs like messages, so if you want to exclude lines containing the words UDP and systemd:

    egrep -v exclude
    Code (Text):
    egrep -v 'UDP|systemd' /var/log/messages
    

    or exclude 'Firewall:'
    Code (Text):
    grep -v 'Firewall:' /var/log/messages
    

    or all 3 keywords to exclude
    Code (Text):
    egrep -v 'UDP|systemd|Firewall:' /var/log/messages
    

    or without -v to only filter lines containing systemd
    Code (Text):
    grep 'systemd' /var/log/messages
    

    or inspect all entries for specific time Mar 19 12:* for systemd
    Code (Text):
    grep 'Mar 19 12:' /var/log/messages | grep 'systemd'
    

    or inspect all entries for specific time Mar 19 12:* but exclude all 3 keywords
    Code (Text):
    grep 'Mar 19 12:' /var/log/messages | egrep -v 'UDP|systemd|Firewall:'
    

    That's the proper way to inspect logs.

    Google search to learn how to use cat, tac, grep/egrep, awk, sed at least.
     
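Building on the grep filters in the answer above, this added example (not part of the thread or of Centmin Mod) drops the routine systemd session lines and condenses the firewall block entries into counts, separating broadcast noise from packets addressed to the server itself. The function names, host name, addresses and the sshd line are constructed, and the script assumes the traditional syslog layout where the fifth field is the program name.

```shell
#!/bin/sh
# Constructed sample in the same line formats as the two logs in the thread
# (documentation-range addresses, made-up host name and sshd entry).
sample_log() {
cat <<'EOF'
Mar 19 12:00:03 host systemd: Started Session 1186446 of user root.
Mar 19 12:00:03 host systemd: Starting Session 1186446 of user root.
Mar 19 12:00:03 host systemd: Created slice User Slice of nginx.
Mar 19 12:00:04 host systemd: Removed slice User Slice of nginx.
Mar 19 12:01:47 host kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:00:00:01:08:00 SRC=192.0.2.95 DST=255.255.255.255 LEN=202 TTL=64 ID=59405 DF PROTO=UDP SPT=51051 DPT=1900 LEN=182
Mar 19 12:01:48 host kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:00:00:01:08:00 SRC=192.0.2.95 DST=255.255.255.255 LEN=202 TTL=64 ID=59591 DF PROTO=UDP SPT=51051 DPT=1900 LEN=182
Mar 19 12:01:53 host kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:00:00:04:08:00 SRC=192.0.2.131 DST=255.255.255.255 LEN=186 TTL=64 ID=8208 DF PROTO=UDP SPT=17500 DPT=17500 LEN=166
Mar 19 12:02:35 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=52:54:00:00:00:02:52:54:00:00:00:03:08:00 SRC=198.51.100.63 DST=203.0.113.222 LEN=40 TTL=251 ID=43396 PROTO=TCP SPT=53502 DPT=5117 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 19 12:03:10 host sshd[2211]: Failed password for invalid user admin from 198.51.100.63 port 40022 ssh2
EOF
}

# Lines that remain after dropping systemd session/slice chatter and firewall
# block entries. Matching on the program field ($5) avoids hiding an unrelated
# line that merely contains the word "systemd" or "UDP".
interesting_lines() {
  awk '
    $5 == "systemd:" && /(Started|Starting) Session |User Slice of / { next }
    $5 == "kernel:" && $6 == "Firewall:" { next }
    { print }
  ' "$@"
}

# Blocked packets as "COUNT KIND SRC PROTO DPT", most frequent first.
# KIND is "broadcast" for DST=255.255.255.255, otherwise "unicast".
firewall_summary() {
  awk '
    $5 == "kernel:" && $6 == "Firewall:" {
      src = dst = proto = dpt = "-"
      for (i = 7; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^DST=/)   dst   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      kind = (dst == "255.255.255.255") ? "broadcast" : "unicast"
      n[kind " " src " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }
  ' "$@" | sort -k1,1nr -k2
}

sample_log | firewall_summary    # replace the sample with /var/log/messages
sample_log | interesting_lines
```

Both functions read standard input or take file names, so `firewall_summary /var/log/messages` works directly on the real log.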