Found it. Love it. Good job! Keep up the good work!
v2.1_2 is up
- asks to install uiScribe when you install (not update) scribe
- removes uiScribe if present when you remove scribe
I don't know how Splunk works ... if Skynet is detected when installing scribe, it adds a filter to put the Skynet messages into /opt/var/log/skynet-0.log, along with a number of other filters. All of the log files are put into /opt/var/log; you can only see /tmp/syslog.log because it is symlinked to /opt/var/log/messages, which is the default logging file.
I am getting data (system messages) from the router into Splunk via syslog just fine; however, data from Skynet appears to be getting forked out into its own log, which is not being sent. So I don't think Splunk is a factor; it seems to be more a scribe/syslog-ng issue. This did start after I installed syslog-ng and scribe. My original intention was to filter out all of the "protocol 0800 is buggy..." messages.
Heh, oh yeah, forgot about dropping the flags(final) so it would go to both places. Good point.
Still unclear on how things go to Splunk, but if you want the Skynet messages to drop to the symlink messages file, then delete the part in the Skynet configuration file that says "flags(final)". The message will then continue on to the messages file, and if that file is going to Splunk then the other messages will too.
You can do the opposite to filter out the protocol 0800 messages. Use a filter that matches that, and either file the statement or drop it using flags(final). It won't go to messages then.
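The flags(final) behaviour described in the posts above, as a syslog-ng configuration example added here (it is not scribe's own filter file and not part of the original posts). The source name `src` and the filter and destination names are assumptions; the file paths are the ones mentioned in the thread.

```conf
# Added example. Assumed names: src, f_buggy, f_skynet, d_skynet, d_messages.
# Assumes the main syslog-ng.conf already defines a source called "src".
# If the main config already defines a destination for the messages file,
# reuse that one instead of defining d_messages again.

# Log paths are evaluated in the order they appear, so the drop rule
# and the Skynet rule must come before the catch-all at the bottom.

# 1. Discard the "protocol 0800 is buggy" noise.
filter f_buggy { message("protocol 0800 is buggy"); };
log {
    source(src);
    filter(f_buggy);
    flags(final);        # no destination + final: the message ends here
};

# 2. Write Skynet firewall entries to their own file.
filter f_skynet { message("BLOCKED - "); };
destination d_skynet { file("/opt/var/log/skynet-0.log"); };
log {
    source(src);
    filter(f_skynet);
    destination(d_skynet);
    # flags(final);      # enabled: entries stop here and never reach messages
                         # commented out: entries land in both files, so a
                         # forwarder reading the messages file sees them too
};

# 3. Catch-all: everything not stopped by a final flag above.
destination d_messages { file("/opt/var/log/messages"); };
log {
    source(src);
    destination(d_messages);
};
```

Running `syslog-ng --syntax-only` after editing checks the configuration before the daemon is reloaded.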
(moved here to keep it on topic)
Is there a way to hide the IOT - BLOCKED events from showing in the syslog?
Do you want to continue installation of scribe [y|n]? y
fetching scribe from GitHub master branch ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: certificate is not yet valid
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
scribe GitHub repository is unavailable! -- Aborting.
Check your system time
You are correct... I think I may have found the culprit too: the clock was not getting set between the amount of time it took for the router to set the time, and the time the mounting of the USB disk starts. I have amtm with the disk check feature added, and for some reason it forces the router to use router default time and completely skip getting the correct time if the wait time to get the correct time takes too long.
If you have another box on your network that can serve time, you can add the script at https://gist.github.com/cynicastic/ced78fac27de4394b67977802d76c0d9 to /jffs/scripts, make it executable, and call it from init-start as described in the comments in the script. That will set the time as early as possible.
My solution to the issue was simply adding a sufficient enough sleep time to the pre-mount that was dependent on whether ntp was ready on the nvram variable.
I have seen these types of scripts, but never used them. Will the ntp ready variable reach 1 if a script like this is used way early on in the boot?
Yes, the script sets it at line 33 once it successfully syncs the time.
My solution was to simply create a wait loop around the ntp ready variable and only start the disk check if the parameters were true.
#!/bin/sh
# Hold off amtm's disk check until the router clock has been set by NTP.
logger -t "$(basename "$0")" "checking if NTP is Ready, before starting Disk Check"
if [ "$(nvram get ntp_ready)" = "1" ]; then
    logger -t "$(basename "$0")" "NTP is Ready, Starting Disk Check"
    . /jffs/scripts/disk-check # Added by amtm
else
    # Poll once per second until ntp_ready changes from 0 to 1.
    while [ "$(nvram get ntp_ready)" = "0" ]
    do
        sleep 1
        if [ "$(nvram get ntp_ready)" = "1" ]; then
            # Run the disk check first, then leave the loop.
            logger -t "$(basename "$0")" "NTP is Ready, Starting Disk Check"
            . /jffs/scripts/disk-check # Added by amtm
            break
        fi
    done
fi
This is already built into amtm disk-check...
Though your script works well, I chose to go with this because it allows me to keep my hands out of actually modifying the nvram; with too many unknowns and what-ifs, I feel more comfortable with a wait loop that breaks away when the condition is met.