Log file filling up quickly

In under a 24-hour period I have a logfile that fills up with this message:

2021:02:18-09:51:17 ast-thr-utm-001 httpproxy[16699]: id="0001" 
severity="info" sys="SecureWeb" sub="http" name="http access" 
action="pass" method="CONNECT" srcip="172.17.17.2" dstip="10.1.10.2" 
user="" group="" ad_domain="" statuscode="200" cached="0" 
profile="REF_HttProContaInterNetwo2 (Default Filtering Group)" 
filteraction="REF_HttCffDefauConteFilte (Default Content Filter)" 
size="176" request="0xd99aaa00" url="https://10.1.10.2/" referer="" 
error="" authtime="0" dnstime="2" aptptime="579" cattime="317" 
avscantime="0" fullreqtime="2413" device="0" auth="0" ua="" exceptions="" 
category="9998" reputation="unverified" categoryname="Uncategorized" 
country="N/A"

Our core switch is the 172.17.17.2

10.1.10.2 is not a valid IP address on our network

What do you suppose the best way to try to track down the source of this is?

Thank you,

Tim



This thread was automatically locked due to age.
  • If the switch is the source of communication, this may be some kind of auto-configuration / auto-install feature.

    Can you tell us the model of the switch?

    You may take a tcpdump at the FW, grep 172.17.17.2 and compare the MAC address at vendorid.org with your switch vendor.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • HP2920-48G PoE+ Switch
    J9729A
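
To see which source/destination pairs account for the volume before capturing traffic, the httpproxy entries quoted in the question can be tallied. This is an added example, not part of the original thread: the function names are hypothetical, the first sample line is the entry from the question cut down to the fields used, and the other two sample lines are constructed.

```python
import re
from collections import Counter

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')               # key="value" pairs
PREFIX_RE = re.compile(r'^(\S+) (\S+) (\w+)\[\d+\]:')   # timestamp host process[pid]:

def parse_line(line):
    """Return the fields of one httpproxy log line as a dict, or None."""
    m = PREFIX_RE.match(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(line))
    rec["timestamp"], rec["host"], rec["process"] = m.groups()
    return rec

def top_talkers(lines, limit=10):
    """Tally "http access" entries per (srcip, dstip, method, url).

    Returns [(key, count, (first_seen, last_seen)), ...], busiest first.
    """
    counts, seen = Counter(), {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec.get("name") != "http access":
            continue  # skip malformed lines and other event types
        key = tuple(rec.get(f, "") for f in ("srcip", "dstip", "method", "url"))
        counts[key] += 1
        first = seen.get(key, (rec["timestamp"],))[0]
        seen[key] = (first, rec["timestamp"])
    return [(k, n, seen[k]) for k, n in counts.most_common(limit)]

# Line 1 is the entry from the question, cut down to the fields used here.
# Lines 2 and 3 are constructed for this example.
_HEAD = ' ast-thr-utm-001 httpproxy[16699]: id="0001" name="http access" action="pass" '
SAMPLE = [
    '2021:02:18-09:51:17' + _HEAD + 'method="CONNECT" srcip="172.17.17.2" '
    'dstip="10.1.10.2" statuscode="200" url="https://10.1.10.2/"',
    '2021:02:18-09:51:19' + _HEAD + 'method="CONNECT" srcip="172.17.17.2" '
    'dstip="10.1.10.2" statuscode="200" url="https://10.1.10.2/"',
    '2021:02:18-09:51:20' + _HEAD + 'method="GET" srcip="192.0.2.10" '
    'dstip="192.0.2.80" statuscode="200" url="http://example.com/"',
]

if __name__ == "__main__":
    for (src, dst, method, url), n, (first, last) in top_talkers(SAMPLE):
        print(f"{n:6d}  {src} -> {dst}  {method} {url}  [{first} .. {last}]")
```

Run against the real log file, pass the open file object instead of `SAMPLE`; the first/last timestamps show whether the requests arrive at a fixed interval.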
