ronia Posted July 1 Share Posted July 1 Hello, I am trying to interpret a few log entries in the system log and could use some advice/clarification: Log #1: Jun 30 06:14:30 Dammerung sshd[28970]: Connection from 192.168.1.1 port 60192 on 192.168.1.219 port 22 rdomain "" Jun 30 06:14:30 Dammerung sshd[28970]: error: kex_exchange_identification: Connection closed by remote host Jun 30 06:14:30 Dammerung sshd[28970]: Connection closed by 192.168.1.1 port 60192 Jun 30 10:34:31 Dammerung sshd[7721]: Connection from 192.168.1.1 port 48508 on 192.168.1.219 port 22 rdomain "" Jun 30 10:34:31 Dammerung sshd[7721]: error: kex_exchange_identification: Connection closed by remote host Jun 30 10:34:31 Dammerung sshd[7721]: Connection closed by 192.168.1.1 port 48508 Jun 30 10:58:01 Dammerung sshd[31431]: Connection from 192.168.1.1 port 50198 on 192.168.1.219 port 22 rdomain "" Jun 30 10:58:01 Dammerung sshd[31431]: error: kex_exchange_identification: Connection closed by remote host Jun 30 10:58:01 Dammerung sshd[31431]: Connection closed by 192.168.1.1 port 50198 I think this means that the router (gateway?) received an SSH request on port 60192 and forwarded it to my server at 192.168.1.219. Kinda strange since I thought I had configured my router correctly to reject external SSH requests. To be safe, I've disabled SSH on my server since I'm not really using it right now anyways. Also, given the frequency and range of ports that are being sent from, it seems like it's probably a port scanner? Log #2: Jul 1 08:00:01 Dammerung kernel: mdcmd (37): nocheck pause Jul 1 08:00:01 Dammerung kernel: Jul 1 08:00:01 Dammerung kernel: md: recovery thread: exit status: -4 I tried looking up what this exit status code meant, but found a lot of results on parity errors during parity check. To be fair, July 1st IS parity day for me, but there's no parity errors and I don't have correction enabled on error. This is slightly concerning for me, since I definitely don't want the parity checker to automatically correct any errors. I definitely want to be notified if it found any errors. Log #3: Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethcaedd2b) entered disabled state Jun 29 20:10:47 Dammerung kernel: veth7fe8ad3: renamed from eth0 Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethcaedd2b) entered disabled state Jun 29 20:10:47 Dammerung kernel: device vethcaedd2b left promiscuous mode Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethcaedd2b) entered disabled state Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered blocking state Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered disabled state Jun 29 20:10:47 Dammerung kernel: device vethdd8dc60 entered promiscuous mode Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered blocking state Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered forwarding state Jun 29 20:10:48 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered disabled state Jun 29 20:10:48 Dammerung kernel: eth0: renamed from veth730cec0 Jun 29 20:10:48 Dammerung kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethdd8dc60: link becomes ready Jun 29 20:10:48 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered blocking state Jun 29 20:10:48 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered forwarding state Jun 29 20:10:55 Dammerung kernel: docker0: port 5(vethe13c685) entered disabled state Jun 29 20:10:55 Dammerung kernel: vethd8b9cdc: renamed from eth0 Jun 29 20:10:55 Dammerung kernel: docker0: port 5(vethe13c685) entered disabled state Jun 29 20:10:55 Dammerung kernel: device vethe13c685 left promiscuous mode Jun 29 20:10:55 Dammerung kernel: docker0: port 5(vethe13c685) entered disabled state Jun 29 20:10:56 Dammerung kernel: docker0: port 5(vethb13c354) entered blocking state Jun 29 20:10:56 Dammerung kernel: docker0: port 5(vethb13c354) entered disabled state Jun 29 20:10:56 Dammerung kernel: device vethb13c354 entered promiscuous mode Jun 29 20:10:56 Dammerung kernel: docker0: port 5(vethb13c354) entered blocking state Jun 29 20:10:56 Dammerung kernel: docker0: port 5(vethb13c354) entered forwarding state Jun 29 20:10:56 Dammerung kernel: eth0: renamed from veth760f68a Jun 29 20:10:56 Dammerung kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethb13c354: link becomes ready This one isn't actually a warning or an error. I'm just curious what it means. It appears sporadically every day at random times. Is it some kind of instability? Is it indicating that the link dropped and needed to renegotiate? Is it just operating system black magic? Quote Link to comment
Solution ronia Posted July 2 Author Solution Share Posted July 2 (edited) I think I know what log #2 is. Looking at the timestamps, it seems like this coincides with the accumulation duration. So this is just probably the checker being disabled. Update: Log #1 seems to have disappeared after disabling ssh and Log #3 appears to be from an app starting/stopping (as discussed here: https://forums.unraid.net/topic/77703-solved-eth0-renamed-from-vethxxx-vethxxx-renamed-from-eth0/). Edited July 3 by ronia Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.