What is this -> ulogd[51205]: ipf: recv: Connection refused

Hello!

I have just set up central logging and configured the UTM accordingly.
While watching the logs I noticed the following:

There are an insane number of these messages (about 500 messages in 10 minutes), sometimes several per second.

What is this?

For syslog I have enabled:
- Admin notifications
- Kernel messages
- SSL VPN
- System messages

  • The same thing is happening to me. The messages are in "system.log" and started 22-JUL-2022 and are generated one or more times per second ever since that day. I have not been able to determine what causes these messages.

  • I have learned what these messages mean.

    If "IPFIX Accounting" is enabled, but the Host specified is rejecting the connection, then these messages are logged in "system.log".

    In UTM 9 this setting is located under Logging & Reporting > Reporting Settings > Settings tab, all the way at the bottom of the page.

    If the Host specified is not allowing Sophos to send the IPFIX data then you get the "system.log" message for every attempt to send:

    2022:11:23-12:53:14 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused

    To prevent this, the Host specified must be set up to allow receiving the IPFIX data from Sophos according to the specification in "IPFIX Accounting".

    In my case I disabled IPFIX for now as the receiving Host became unlicensed and that is why it was rejecting the IPFIX data from Sophos.

    I hope this helps you.



    formatting
    [edited by: Pro Net at 5:15 PM (GMT -8) on 30 Nov 2022]
  • Morning!

    Thanks for your response! You are very right with this. My disk on the netflow collector was filled to the brim. Netflow "flows" again and the errors are gone!

    Thanks a lot.
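
As an added example (not code from this thread or from Sophos): a Python sketch that counts the `ipf: recv: Connection refused` lines per minute in `system.log` text, so the moment an IPFIX collector stopped accepting data, as with the unlicensed and full-disk collectors described in the replies, can be dated and alerted on. The host name `utm-host`, the threshold and the sample lines are constructed assumptions; only the message format is taken from the log lines quoted above.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format quoted in the thread; host name is a placeholder.
SAMPLE_LOG = """\
2022:11:23-12:52:58 utm-host ulogd[946]: unrelated constructed message
2022:11:23-12:53:14 utm-host ulogd[946]: ipf: recv: Connection refused
2022:11:23-12:53:15 utm-host ulogd[946]: ipf: recv: Connection refused
2022:11:23-12:53:15 utm-host ulogd[946]: ipf: recv: Connection refused
2022:11:23-12:53:15 utm-host ulogd[946]: ipf: recv: Connection refused
2022:11:23-12:54:01 utm-host ulogd[946]: ipf: recv: Connection refused
"""

# Matches only the ulogd IPFIX send failure, capturing the UTM-style timestamp.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ ulogd\[\d+\]: "
    r"ipf: recv: Connection refused$"
)


def summarize(log_text, threshold=3):
    """Summarize IPFIX send failures found in system.log text.

    threshold is an assumed alerting level: minutes with at least this
    many failures are reported as noisy.
    """
    stamps = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            stamps.append(
                datetime.strptime(match.group("ts"), "%Y:%m:%d-%H:%M:%S")
            )
    # Bucket failures by minute to expose a sustained collector outage.
    per_minute = Counter(ts.replace(second=0) for ts in stamps)
    noisy = sorted(m for m, n in per_minute.items() if n >= threshold)
    return {
        "first_seen": min(stamps) if stamps else None,
        "total": len(stamps),
        "per_minute": dict(per_minute),
        "noisy_minutes": noisy,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("first failure:", report["first_seen"])
    print("total failures:", report["total"])
    for minute in report["noisy_minutes"]:
        print("collector refusing at", minute, "x", report["per_minute"][minute])
```

A sustained run of noisy minutes means flow records are not reaching the collector, so the gap in network accounting data starts at `first_seen`.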