Too much HTTP output connect logs

Question

I have about new 100 records per second in syslog, kern.log and debug. All they are similar and look like

kernel: [2927191.803601] new HTTP output connect: IN= OUT=venet0 SRC=2a03:f480:0001:0017:0000:0000:0000:00a6 DST=2a00:bdc0:0004:0008:0001:0000:0508:0109 LEN=198 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=37871 DPT=443 WINDOW=225 RES=0x00 ACK PSH URGP=0

Every day I have to clean up logs because they are taking over all server free space. How can I figure out what causes these logs?

You might have to reduce the debugging levels of your log files. What *nix version are you running? — John K. N., Nov 15 '16 at 09:44

Fredi · Accepted Answer · 2016-12-12T09:29:57.553

0

This seem like the logs generated from iptables, chek the output of :

iptables -nvL

There should be some rule that jumps to log, example:

0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 LOG flags 0 level 4

If you don't need this logs drop the relative iptables rule. For the exact commands post the output of:

Updated

iptables -nvL | grep LOG

edited Dec 12 '16 at 09:29

answered Nov 10 '16 at 18:04

Fredi

2,257
10
13

It gives me an error. `# iptables -nvL | grep LOG output` `grep: output: No such file or directory` – Yurii Kravchuk Dec 11 '16 at 22:21
There was a typo in my command, corrected – Fredi Dec 12 '16 at 09:30

Too much HTTP output connect logs

1 Answers1

Updated