NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
FVS336GV3 suddenly starts to sends Log files
I am not sure why, but all out of the blue it is starting to send out Logfiles by email to my account.
Why?
this is a copy of it.. a bit.... and i dont understand why it would do such a thing . Can anybody help me with this?
[FVS336GV3]Tue Mar 1 20:01:11 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=141.212.122.198 DST=10.0.0.10 PROTO=TCP SPT=58844 DPT=443 [FVS336GV3]Tue Mar 1 20:01:11 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=141.212.122.197 DST=10.0.0.10 PROTO=TCP SPT=59156 DPT=443 [FVS336GV3]Tue Mar 1 20:01:12 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=141.212.122.193 DST=10.0.0.10 PROTO=TCP SPT=40600 DPT=443 [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=83.219.82.210 DST=10.0.0.100 PROTO=TCP SPT=1717 DPT=8066 [FVS336GV3]Tue Mar 1 20:04:22 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=62188 DPT=25
3
[FVS336GV3]Tue Mar 1 20:09:16 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=49823 DPT=25
3
[FVS336GV3]Tue Mar 1 20:14:02 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=51126 DPT=25
3
[FVS336GV3]Tue Mar 1 20:15:22 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] xt_TCPMSS: bad length (312 bytes)
OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=51126 DPT=25
3
[FVS336GV3]Tue Mar 1 20:18:47 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=53363 DPT=25
3
[FVS336GV3]Tue Mar 1 20:23:32 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=57211 DPT=25
3
[FVS336GV3]Tue Mar 1 20:28:22 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=53391 DPT=25
3
[FVS336GV3]Tue Mar 1 20:33:07 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=49820 DPT=25
3
[FVS336GV3]Tue Mar 1 20:34:23 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=180.97.106.37 DST=10.0.0.10 PROTO=TCP SPT=40405 DPT=443
[FVS336GV3]Tue Mar 1 20:37:53 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=64090 DPT=25
[FVS336GV3]Tue Mar 1 20:42:43 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=59824 DPT=25
[FVS336GV3]Tue Mar 1 20:47:28 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=61219 DPT=25
[FVS336GV3]Tue Mar 1 20:52:13 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=51544 DPT=25
[FVS336GV3]Tue Mar 1 20:52:54 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=216.243.31.2 DST=10.0.0.10 PROTO=TCP SPT=44970 DPT=443
[FVS336GV3]Tue Mar 1 20:56:59 2016((GMT+0100)) [FVS336GV3][Kernel][KERNEL] [FIREWALL] WAN_LAN[ACCEPT] IN=WAN OUT=LAN src=195.22.126.17 DST=10.0.0.10 PROTO=TCP SPT=51149 DPT=25
Kind regards
Ben.
7 Replies
Hello BenHelder,
Welcome to the community!
Can you provide a screenshot of your Firewall logs configuration? Please go to Monitoring>Firewall Logs & E-mail, do a screen capture and insert the image on your post reply.
Thanks,
Noticed since setting it up never any firewall messeges ever? There are system messages but anything from the [firewall] is absent. Any help on this...
Did some port scans and nothing showed up in the log. Everything was stealth port wise.
Hi sonny_E,
Welcome to the community! :)
Kindly answer the questions below:
a. What is the model of the NETGEAR VPN Firewall you are referring to?
b. On the web-GUI of your NETGEAR VPN Firewall, go to Monitoring > Firewall Logs & E-mail. Are all options check in the Routing Logs, System Logs and Other Event Logs? It would be best if you post a screenshot of it.
c. What is the current firmware version of the NETGEAR VPN Firewall you are referring to?
d. Have you tried to perform a factory reset then reconfigure your NETGEAR VPN Firewall then check if same problem occurs?
I look forward to your response.
Regards,
DaneA
NETGEAR Community Team
Hello
FVS336v3 with the latest firmware as of a couple days back. See what you think? Thanks so much Only lets you paste so much...
Sun Aug 28 09:08:18 2016((GMT-0800)) [FVS336GV3][System][LOGIN] SSL_INFO : Login Successful for geardomain user admin(Admin) from host 192.168.1.100
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] HTB: quantum of class 11024 is big. Consider r2q change.
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] HTB: quantum of class 10001 is big. Consider r2q change.
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] p->perfect 0000000000000000 p->h a8000000044c4e00
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_dump(tp a80000000610ea00,fh 0x0,skb a800000003596380,t a800000006d92010),p a80000000610e980,r 0000000000000000,b a800000006d92038
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_change(tp a80000000610ea00,handle 0x00000000,tca a800000007c05a80,arg a800000003563950),opt a800000004a70c30,p a80000000610e980,r 0000000000000000,*arg 0x0
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_get(tp a80000000610ea00,handle 0x00000000)
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_init(tp a80000000610ea00)
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_delete(tp a80000000610ea00,arg 0xa80000000610e908),p a80000000610e980,f 0000000000000000
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_walk(tp a80000000610ea00,walker a800000003653900),p a80000000610e980
Fri Aug 26 20:58:22 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_destroy(tp a80000000610ea00),p a80000000610e980
Fri Aug 26 20:57:57 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: no IPv6 routers present
Fri Aug 26 20:57:55 2016((GMT-0800)) [FVS336GV3][System][NIMF] Link Status of WAN1 is LINK UP
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: add 33:33:ff:0d:13:db mcast address to master interface
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: add 33:33:00:00:00:01 mcast address to master interface
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: add 01:00:5e:00:00:01 mcast address to master interface
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: Setting MAC address to 10 da 43 0d 13 db.
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] IPsec: device down: eth0.4093
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: del 33:33:00:00:00:01 mcast address from master interface
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: del 33:33:00:00:00:01 mcast address from vlan interface
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: del 01:00:5e:00:00:01 mcast address from master interface
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: del 01:00:5e:00:00:01 mcast address from vlan interface
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: del 33:33:ff:10:75:00 mcast address from master interface
Fri Aug 26 20:57:47 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.4093: del 33:33:ff:10:75:00 mcast address from vlan interface
Fri Aug 26 20:57:46 2016((GMT-0800)) [FVS336GV3][System][NIMF] nimfAdvOptSetWrap: NIMF table is NimfStatus
Fri Aug 26 20:57:46 2016((GMT-0800)) [FVS336GV3][System][NIMF] Restarting WAN1 for IPv4
Fri Aug 26 20:57:46 2016((GMT-0800)) [FVS336GV3][System][NIMF] Link Status of WAN1 is LINK UP
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] HTB: quantum of class 11024 is big. Consider r2q change.
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] HTB: quantum of class 10001 is big. Consider r2q change.
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] p->perfect 0000000000000000 p->h a800000004a70e00
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_dump(tp a80000000354af80,fh 0x0,skb a800000006d99800,t a800000006d9e010),p a80000000354af00,r 0000000000000000,b a800000006d9e038
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_change(tp a80000000354af80,handle 0x00000000,tca a800000007c05a80,arg a800000003563950),opt a80000000706be30,p a80000000354af00,r 0000000000000000,*arg 0x0
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_get(tp a80000000354af80,handle 0x00000000)
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_init(tp a80000000354af80)
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] HTB: quantum of class 11024 is big. Consider r2q change.
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] HTB: quantum of class 10001 is big. Consider r2q change.
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] p->perfect 0000000000000000 p->h a800000004a70c00
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_dump(tp a80000000610ea00,fh 0x0,skb a800000006da4e00,t a800000006da5010),p a80000000610e980,r 0000000000000000,b a800000006da5038
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_change(tp a80000000610ea00,handle 0x00000000,tca a800000007c05a80,arg a800000003563950),opt a800000004a70e30,p a80000000610e980,r 0000000000000000,*arg 0x0
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_get(tp a80000000610ea00,handle 0x00000000)
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] tcindex_init(tp a80000000610ea00)
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.1: no IPv6 routers present
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.1: add 33:33:ff:0d:13:cc mcast address to master interface
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.1: add 01:00:5e:00:00:01 mcast address to master interface
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.1: add 33:33:00:00:00:01 mcast address to master interface
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] VLAN (eth0.1): Setting underlying device (eth0) to promiscious mode.
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] device eth0 entered promiscuous mode
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] eth0.1: Setting MAC address to 10 da 43 0d 13 cc.
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] Loading ifDev module
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] using bcm switch bcm53115
Fri Aug 26 20:57:42 2016((GMT-0800)) [FVS336GV3][Kernel][KERNEL] Loading /home/release/FVS336GV3_P2.0/01JuneM15_v4_3_4_1/fvs336gv3/fvs336gv3_common/comps/switchdriver/src/switchdriver/linux/kernel/mii/octeon/mii.c
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
