[OS 6.12.10]: Interpreting system log entries


Solved by ronia

Hello,

 

I am trying to interpret a few log entries in the system log and could use some advice/clarification:

 

Log #1:

Jun 30 06:14:30 Dammerung sshd[28970]: Connection from 192.168.1.1 port 60192 on 192.168.1.219 port 22 rdomain ""
Jun 30 06:14:30 Dammerung sshd[28970]: error: kex_exchange_identification: Connection closed by remote host
Jun 30 06:14:30 Dammerung sshd[28970]: Connection closed by 192.168.1.1 port 60192
Jun 30 10:34:31 Dammerung sshd[7721]: Connection from 192.168.1.1 port 48508 on 192.168.1.219 port 22 rdomain ""
Jun 30 10:34:31 Dammerung sshd[7721]: error: kex_exchange_identification: Connection closed by remote host
Jun 30 10:34:31 Dammerung sshd[7721]: Connection closed by 192.168.1.1 port 48508
Jun 30 10:58:01 Dammerung sshd[31431]: Connection from 192.168.1.1 port 50198 on 192.168.1.219 port 22 rdomain ""
Jun 30 10:58:01 Dammerung sshd[31431]: error: kex_exchange_identification: Connection closed by remote host
Jun 30 10:58:01 Dammerung sshd[31431]: Connection closed by 192.168.1.1 port 50198

 

I think this means that the router (gateway?) received an SSH request on port 60192 and forwarded it to my server at 192.168.1.219.  Kinda strange since I thought I had configured my router correctly to reject external SSH requests.  To be safe, I've disabled SSH on my server since I'm not really using it right now anyways.  Also, given the frequency and range of ports that are being sent from, it seems like it's probably a port scanner?

 

Log #2:

Jul  1 08:00:01 Dammerung kernel: mdcmd (37): nocheck pause
Jul  1 08:00:01 Dammerung kernel: 
Jul  1 08:00:01 Dammerung kernel: md: recovery thread: exit status: -4

I tried looking up what this exit status code meant, but found a lot of results on parity errors during parity check.  To be fair, July 1st IS parity day for me, but there are no parity errors and I don't have correction enabled on error.  This is slightly concerning for me, since I definitely don't want the parity checker to automatically correct any errors.  I definitely want to be notified if it found any errors.

 

Log #3:

Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethcaedd2b) entered disabled state
Jun 29 20:10:47 Dammerung kernel: veth7fe8ad3: renamed from eth0
Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethcaedd2b) entered disabled state
Jun 29 20:10:47 Dammerung kernel: device vethcaedd2b left promiscuous mode
Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethcaedd2b) entered disabled state
Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered blocking state
Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered disabled state
Jun 29 20:10:47 Dammerung kernel: device vethdd8dc60 entered promiscuous mode
Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered blocking state
Jun 29 20:10:47 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered forwarding state
Jun 29 20:10:48 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered disabled state
Jun 29 20:10:48 Dammerung kernel: eth0: renamed from veth730cec0
Jun 29 20:10:48 Dammerung kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethdd8dc60: link becomes ready
Jun 29 20:10:48 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered blocking state
Jun 29 20:10:48 Dammerung kernel: br-3437dc8a3ec7: port 5(vethdd8dc60) entered forwarding state
Jun 29 20:10:55 Dammerung kernel: docker0: port 5(vethe13c685) entered disabled state
Jun 29 20:10:55 Dammerung kernel: vethd8b9cdc: renamed from eth0
Jun 29 20:10:55 Dammerung kernel: docker0: port 5(vethe13c685) entered disabled state
Jun 29 20:10:55 Dammerung kernel: device vethe13c685 left promiscuous mode
Jun 29 20:10:55 Dammerung kernel: docker0: port 5(vethe13c685) entered disabled state
Jun 29 20:10:56 Dammerung kernel: docker0: port 5(vethb13c354) entered blocking state
Jun 29 20:10:56 Dammerung kernel: docker0: port 5(vethb13c354) entered disabled state
Jun 29 20:10:56 Dammerung kernel: device vethb13c354 entered promiscuous mode
Jun 29 20:10:56 Dammerung kernel: docker0: port 5(vethb13c354) entered blocking state
Jun 29 20:10:56 Dammerung kernel: docker0: port 5(vethb13c354) entered forwarding state
Jun 29 20:10:56 Dammerung kernel: eth0: renamed from veth760f68a
Jun 29 20:10:56 Dammerung kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethb13c354: link becomes ready

This one isn't actually a warning or an error.  I'm just curious what it means.  It appears sporadically every day at random times.  Is it some kind of instability?  Is it indicating that the link dropped and needed to renegotiate?  Is it just operating system black magic?

  • Solution
Posted (edited)

I think I know what log #2 is.  Looking at the timestamps, it seems like this coincides with the accumulation duration.  So this is probably just the checker being disabled.

 

Update: Log #1 seems to have disappeared after disabling ssh and Log #3 appears to be from an app starting/stopping (as discussed here: https://forums.unraid.net/topic/77703-solved-eth0-renamed-from-vethxxx-vethxxx-renamed-from-eth0/).  

Edited by ronia
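
Added example, not part of the original posts: a small Python correlator for the sshd entries in Log #1. It pairs each "Connection from" line with a later kex_exchange_identification error from the same sshd PID and reports, per peer address, the count, the peer's source ports, and whether the address is private. The input is Log #1 as posted plus one constructed line (sshd[4242]); all function and variable names are illustrative.

```python
import ipaddress
import re

# Log #1 exactly as quoted in the post, plus one constructed line (sshd[4242])
# for a connection that does not fail, to show it is not counted.
SAMPLE = '''\
Jun 30 06:14:30 Dammerung sshd[28970]: Connection from 192.168.1.1 port 60192 on 192.168.1.219 port 22 rdomain ""
Jun 30 06:14:30 Dammerung sshd[28970]: error: kex_exchange_identification: Connection closed by remote host
Jun 30 06:14:30 Dammerung sshd[28970]: Connection closed by 192.168.1.1 port 60192
Jun 30 10:34:31 Dammerung sshd[7721]: Connection from 192.168.1.1 port 48508 on 192.168.1.219 port 22 rdomain ""
Jun 30 10:34:31 Dammerung sshd[7721]: error: kex_exchange_identification: Connection closed by remote host
Jun 30 10:34:31 Dammerung sshd[7721]: Connection closed by 192.168.1.1 port 48508
Jun 30 10:58:01 Dammerung sshd[31431]: Connection from 192.168.1.1 port 50198 on 192.168.1.219 port 22 rdomain ""
Jun 30 10:58:01 Dammerung sshd[31431]: error: kex_exchange_identification: Connection closed by remote host
Jun 30 10:58:01 Dammerung sshd[31431]: Connection closed by 192.168.1.1 port 50198
Jun 30 11:02:15 Dammerung sshd[4242]: Connection from 192.168.1.50 port 51000 on 192.168.1.219 port 22 rdomain ""
'''

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(\d+)\]: (.*)$")
# sshd prints the peer first, then the local side:
#   Connection from <peer addr> port <peer port> on <local addr> port <local port>
CONN = re.compile(r"^Connection from (\S+) port (\d+) on (\S+) port (\d+)")
KEX_FAIL = "error: kex_exchange_identification:"


def pre_banner_drops(text):
    """Per peer address: connections that ended during the SSH identification
    (banner) exchange, correlated to their 'Connection from' line by sshd PID."""
    peer_by_pid = {}  # pid -> (peer address, peer source port)
    report = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        c = CONN.match(msg)
        if c:
            peer_by_pid[pid] = (c.group(1), int(c.group(2)))
        elif msg.startswith(KEX_FAIL) and pid in peer_by_pid:
            addr, port = peer_by_pid.pop(pid)
            entry = report.setdefault(addr, {
                "count": 0, "ports": [],
                "private": ipaddress.ip_address(addr).is_private})
            entry["count"] += 1
            entry["ports"].append(port)
    return report


if __name__ == "__main__":
    for addr, info in pre_banner_drops(SAMPLE).items():
        print(addr, info)
```

The "private" flag records whether the TCP peer that sshd saw was an RFC 1918 address; the high-numbered port in each entry is that peer's ephemeral source port, and port 22 is the local listener.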