Utini 1 Posted December 21, 2014 Share Posted December 21, 2014 Hey there, I know that the "No application listening on the port" firewall log is usually no problem but it gets spamed into the log file every 2 seconds with the following entry: 21.12.2014 8:58:47 PM No application listening on the port 192.168.0.1:45810 255.255.255.255:7437 UDP Is this really normal? Any way to disable this from getting logged (logging it every 2 seconds must cost ressources too? ) Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted December 22, 2014 Administrators Share Posted December 22, 2014 Couldn't it be that you enabled logging of blocked communication in the IDS setup? If so, you should disable it as it only serves for troubleshooting firewall issues. Link to comment Share on other sites More sharing options...
Utini 1 Posted December 22, 2014 Author Share Posted December 22, 2014 Couldn't it be that you enabled logging of blocked communication in the IDS setup? If so, you should disable it as it only serves for troubleshooting firewall issues. Yep I have it enabled but the "No application listening on the port" is no blocking event? Link to comment Share on other sites More sharing options...
rugk 397 Posted December 22, 2014 Share Posted December 22, 2014 (edited) Well with that you're of course right. However I tested it and enabled this logging and it doesn't "spam" my firewall log (at least not in a 2 sec interval), so does it "fix" this issue if you disable the option? BTW AFAIK most attacks will still be logged even if you have disabled this option. Edit: Okay, no it spams (more or less) my firewall log. It's not such often and regularly so I could say it's in a 2 sec interval, but it's there. Edited December 22, 2014 by rugk Link to comment Share on other sites More sharing options...
Utini 1 Posted December 22, 2014 Author Share Posted December 22, 2014 Disabling the "log blocked events" will also disable the spamming. But I actually want blocked events to be logged. How ever, not if every 2-3 seconds another event is getting logged :/ Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted December 22, 2014 Administrators Share Posted December 22, 2014 Disabling the "log blocked events" will also disable the spamming. But I actually want blocked events to be logged. How ever, not if every 2-3 seconds another event is getting logged :/ If you don't want to disable logging, the firewall log may grow up to several hundred MB or even GB quite quickly. Needless to say that enabling debug logging has an adverse effect on performance as well. Link to comment Share on other sites More sharing options...
SweX 871 Posted December 22, 2014 Share Posted December 22, 2014 (edited) Disabling the "log blocked events" will also disable the spamming. But I actually want blocked events to be logged. How ever, not if every 2-3 seconds another event is getting logged :/ If you don't want to disable logging, the firewall log may grow up to several hundred MB or even GB quite quickly. Needless to say that enabling debug logging has an adverse effect on performance as well. Yeah like this: https://forum.eset.com/topic/3751-hips-log-over-3gb/ Keep HIPS and Firewall logging disabled, unless you're troubleshooting and might need the logs. Edited December 22, 2014 by SweX Link to comment Share on other sites More sharing options...
Arakasi 549 Posted December 23, 2014 Share Posted December 23, 2014 (edited) Yes, they are only used for reproducing an issue during troubleshooting purposes, and finding out where the problem lies. Logging of that type should be disabled. Unless you have a san server saving the logs and you are required to log everything lol. Edited December 23, 2014 by Arakasi Link to comment Share on other sites More sharing options...
Recommended Posts