log /val/messanges

[rlucatto]

amigos bom dia
resente mente instalei m firewall linux redhat 8
essa semana duas ou trez vesez tive um log estranho nao entendi alguem poderia me ajudar
obrigado
####
Mar 27 04:02:08 net syslogd 1.4.1: restart.

Mar 27 04:05:18 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63747 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 SYN URGP=0

Mar 27 04:05:18 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63748 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK URGP=0

Mar 27 04:05:18 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63749 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK URGP=0

Mar 27 04:05:18 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=63750 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK PSH URGP=0

Mar 27 04:05:18 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=100 TOS=0x00 PREC=0x00 TTL=64 ID=63751 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK PSH URGP=0

Mar 27 04:05:18 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=95 TOS=0x00 PREC=0x00 TTL=64 ID=63752 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK PSH URGP=0

Mar 27 04:05:19 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=809 TOS=0x00 PREC=0x00 TTL=64 ID=63753 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK PSH URGP=0

Mar 27 04:05:19 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=55 TOS=0x00 PREC=0x00 TTL=64 ID=63754 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK PSH URGP=0

Mar 27 04:05:19 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63755 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK URGP=0

Mar 27 04:05:19 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=63756 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK PSH URGP=0

Mar 27 04:05:19 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63757 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK URGP=0

Mar 27 04:05:19 net kernel: smtpIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63758 DF PROTO=TCP SPT=2636 DPT=25 WINDOW=32767 RES=0x00 ACK FIN URGP=0

[Danilo_Montagna]

aparentemente é algum processo que seu servidor de mail esta fazendo... pela interface loopback... ou seja.. esse servidor deve esatr instalado na maquina firewall.. e vc deve estar logando o trafego loopback tb,,

[rlucatto]

estranho que nao estou fazendo log do loopback

[Danilo_Montagna]

bom.. mais com certeza vc tem alguma regra com esse log-prefix

kernel: smtpIN

talvez ele loga como loopbakc pelo fato do processo ser local..

mais o log é de smtpIN