This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

was ist das -> ulogd[51205]: ipf: recv: Connection refused

Mahlzeit!

Ich hab mir gerade ein zentrales Logging eingerichtet und die UTM dementsprechend konfiguriert.
Beim beobachten der Logs ist mir folgendes aufgefallen:

Davon gibts wahnsinnig viele Meldungen (10 Minuten sind etwa 500 Messages), teilweise mehrere pro sekunde.

Was ist das?

Aktiviert für Syslog habe ich:
- Admin notifications
- Kernel messages
- SSL VPN
- System messages



This thread was automatically locked due to age.
Parents
  • I have learned what these messages mean.

    If "IPFIX Accounting" is enabled, but the Host specified is rejecting the connection then these messages are logged in "system.log"

    In UTM 9 this setting is located under Logging & Reporting > Reporting Settings > Settings tab, all the way at the bottom of the page.

    If the Host specified is not allowing Sophos to send the IPFIX data then you get the "system.log" message for every attempt to send:

    2022:11:23-12:53:14 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused

    To prevent this the Host specified must be setup to allow receiving the IPFIX data from Sophos according to the specification in "IPFIX Accounting"

    In my case I disabled IPFIX for now as the receiving Host became unlicensed and that is why it was rejecting the IPFIX data from Sophos.

    I hope this helps you



    formatting
    [edited by: Pro Net at 5:15 PM (GMT -8) on 30 Nov 2022]
Reply
  • I have learned what these messages mean.

    If "IPFIX Accounting" is enabled, but the Host specified is rejecting the connection then these messages are logged in "system.log"

    In UTM 9 this setting is located under Logging & Reporting > Reporting Settings > Settings tab, all the way at the bottom of the page.

    If the Host specified is not allowing Sophos to send the IPFIX data then you get the "system.log" message for every attempt to send:

    2022:11:23-12:53:14 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused


    2022:11:23-12:53:15 xxxxxxxx ulogd[946]: ipf: recv: Connection refused

    To prevent this the Host specified must be setup to allow receiving the IPFIX data from Sophos according to the specification in "IPFIX Accounting"

    In my case I disabled IPFIX for now as the receiving Host became unlicensed and that is why it was rejecting the IPFIX data from Sophos.

    I hope this helps you



    formatting
    [edited by: Pro Net at 5:15 PM (GMT -8) on 30 Nov 2022]
Children