Location of firewall logs?

I'd like to give them a look from time to time, but have no idea where they can be found.
Thanks in advance,
Kate

They're in /private/var/log/ and can also be accessed from the Console in the /Applications/Utilities/ folder.
(55712)

Similar Messages

  • Windows Server 2008 and Firewall Logging

    Our Windows server 2008 R2 domain controller does not appear to be logging anything into the windows firewall log: c:\windows\system32\logfiles\firewall\pfirewall.log.  The file is always blank.  Every 2003 server and 2008 R2 non-dc work fine. 
    I'm a little stumped.  The firewalls are configured via GPO's and appear to be applied ok. 
    I compared the 2003 and 2008 configuration and did notice one discrepancy:
    The 2003 windows firewall service runs as the local system account.  It's effective permissions to the pfirewall.log file is "full control"
    However, the 2008 firewall service runs as "LOCAL SERVICE".  This account has read-only permissions to the pfirewall.log file. 
    I haven't changed anything as this is a production server.  I was hoping for some guidance before I start changing default settings.  Any ideas why the pfirewall.log file is always blank?
    Thanks!

    Hi,
    Generally, C:\Windows\System32\LogFiles\Firewall\firewall.log has the following permission settings:
    NT SERVICE\MpsSvc:(F)
    NT AUTHORITY\SYSTEM:(F)
    BUILTIN\Administrators:(F)
    BUILTIN\Network Configuration Operators:(F)
    Please make sure MPSSvc (Windows Firewall service) has Full Control on this file.
    Thanks.
    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question.
    This can be beneficial to other community members reading the thread.
    This worked for me on a 2008 R2 DC that had somehow dropped the MpsSvc account off the Permissions list. In my case the pfirewall.log file wasn't even being created, so I had to modify permissions for the "%systemroot%\System32\LogFiles\Firewall"
    folder.
    Adding the MpsSvc account can be tricky if you're not familiar with where to look. Here are some supplemental instructions that might prove useful to those like myself who might not do this type of thing every day. Remember that these instructions for for
    a 2008 R2 Domain Controller.
    Open the "%systemroot%\System32\LogFiles\Firewall" folder. If necessary, "Click Continue to permanently get access to this folder."
    Right-click the empty space in the Firewall folder and click Properties.
    Go to the Security tab and click the Edit button.
    In the "Permissions for Firewall" window, click the Add
    button. The next step is where it gets tricky.
    Click the Object Types button and in the window that opens, make sure the
    Service Accounts box is checked. Click OK.
    Now click the Locations button. In the window that opens, make sure you change the default selection from the domain name to your Domain Controller's hostname (e.g. DC01).
    Click OK.
    In the object names text field, type "NT SERVICE\MpsSvc". If you were to simply enter "MpsSvc" it wouldn't work. This is not case sensitive, but the context of your entry is very specific.
    Click Check Names and your entry should automatically change to an underlined "MpsSvc" value.
    Click OK.
    Back on the "Permissions for Firewall" window, you can give MpsSvc
    Full Control of the Firewall folder, then click OK.
    You'll see a warning about changing permission settings on system folders. Read it, and if you accept the risk, click
    Yes. (Otherwise click No and enjoy your non-existent firewall logs.)
    Click OK again to save your changes and close the
    Firewall Properties window.
    You may have to restart the Windows Firewall service before the firewall log file will appear.
    You should also run a "gpupdate" just to make sure your settings are permanent and aren't being overridden by a GPO somewhere out there in Active Directory.
    That's all folks!
    "This posting is provided "AS IS" with no warranties, and confers no rights."
    -Mike

  • Changing the location of archive log from flash recovery area PLZ HELP!!!

    Hi All,
    My archive log is being stored in flash memory area which got full and the production server went down.
    alert log file details.....
    ORA-19809: limit exceeded for recovery files
    ORA-19804: cannot reclaim 43432960 bytes disk space from 2147483648 limit
    *** 2010-04-25 14:22:49.777 62692 kcrr.c
    ARCH: Error 19809 Creating archive log file to
    '/oracle/product/10.2.0/flash_rec
    overy_area/EDWREP/archivelog/2010_04_25/o1_mf_1_232_%u_.arc'
    *** 2010-04-25 14:22:49.777 60970 kcrr.c
    kcrrfail: dest:10 err:19809 force:0 blast:1I removed the files and started the database,
    Can someone kindly tell me as to how to avoid this problem in future by keeping archive log destination in flash recovery area.
    I want to change the location of archive log files, can someone please guide me as to hiow to do that
    I changed the size of flash recovery area for the time being, but i am afraid it will be full again!!
    SQL> select * from v$flash_recovery_area_usage;
    FILE_TYPE    PERCENT_SPACE_USED PERCENT_SPACE_RECLAIMABLE NUMBER_OF_FILES
    CONTROLFILE                   0                         0               0
    ONLINELOG                     0                         0               0
    ARCHIVELOG                99.44                         0              57
    BACKUPPIECE                   0                         0               0
    IMAGECOPY                     0                         0               0
    FLASHBACKLOG                  0                         0               0
    6 rows selected.
    SQL> alter system set DB_RECOVERY_FILE_DEST_SIZE = 4G ;
    System altered.
    SQL> select * from v$flash_recovery_area_usage;
    FILE_TYPE    PERCENT_SPACE_USED PERCENT_SPACE_RECLAIMABLE NUMBER_OF_FILES
    CONTROLFILE                   0                         0               0
    ONLINELOG                     0                         0               0
    ARCHIVELOG                49.72                         0              57
    BACKUPPIECE                   0                         0               0
    IMAGECOPY                     0                         0               0
    FLASHBACKLOG                  0                         0               0
    6 rows selected.regards,
    Edited by: user10243788 on Apr 25, 2010 6:12 AM

    user10243788 wrote:
    Hi All,
    My archive log is being stored in flash memory area which got full and the production server went down.
    alert log file details.....
    ORA-19809: limit exceeded for recovery files
    ORA-19804: cannot reclaim 43432960 bytes disk space from 2147483648 limit
    *** 2010-04-25 14:22:49.777 62692 kcrr.c
    ARCH: Error 19809 Creating archive log file to
    '/oracle/product/10.2.0/flash_rec
    overy_area/EDWREP/archivelog/2010_04_25/o1_mf_1_232_%u_.arc'
    *** 2010-04-25 14:22:49.777 60970 kcrr.c
    kcrrfail: dest:10 err:19809 force:0 blast:1I removed the files and started the database,
    Can someone kindly tell me as to how to avoid this problem in future by keeping archive log destination in flash recovery area.
    I want to change the location of archive log files, can someone please guide me as to hiow to do that
    I changed the size of flash recovery area for the time being, but i am afraid it will be full again!!
    SQL> select * from v$flash_recovery_area_usage;
    FILE_TYPE    PERCENT_SPACE_USED PERCENT_SPACE_RECLAIMABLE NUMBER_OF_FILES
    CONTROLFILE                   0                         0               0
    ONLINELOG                     0                         0               0
    ARCHIVELOG                99.44                         0              57
    BACKUPPIECE                   0                         0               0
    IMAGECOPY                     0                         0               0
    FLASHBACKLOG                  0                         0               0
    6 rows selected.
    SQL> alter system set DB_RECOVERY_FILE_DEST_SIZE = 4G ;
    System altered.
    SQL> select * from v$flash_recovery_area_usage;
    FILE_TYPE    PERCENT_SPACE_USED PERCENT_SPACE_RECLAIMABLE NUMBER_OF_FILES
    CONTROLFILE                   0                         0               0
    ONLINELOG                     0                         0               0
    ARCHIVELOG                49.72                         0              57
    BACKUPPIECE                   0                         0               0
    IMAGECOPY                     0                         0               0
    FLASHBACKLOG                  0                         0               0
    6 rows selected.regards,
    Edited by: user10243788 on Apr 25, 2010 6:12 AMPointing the archive log dest (and/or the FRA) to a new location, or enlarging them, will do no good if you are not performing regular housekeeping on the archivelogs. You will just keep knocking down the same problem over and over.
    If you simply delete the archivelogs at the OS level, the database will never know about it and it will continue to think the destination is full, based on records kept in the control file.
    For regular housekeeping, you need to be doing something similar to this in rman:
    run {
      backup archivelog all not backed up 1 times tag='bkup_vlnxora1_arch';
      delete noprompt archivelog all backed up 1 times to device type disk;
    run {
    delete noprompt obsolete;
    crosscheck archivelog all;
    delete noprompt expired archivelog all;

  • Why Are There Multiple Instances Of Firefox Preparing To Access Internet According To Firewall Log When I'm Not Launching Them And Nothing Appeared On My Screen

    I had closed Firefox after briefly running it and then tried to reopen it anew but got a message that said "Firefox is already running but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
    I logged off my computer, and later restarted. However, when I checked my Firewall log it showed that during the minute I had my computer on earlier there were about a dozen instances of "Firefox is preparing to access the internet" which were recorded just seconds apart.
    I don't have the problem now -- restarting apparently took care of the issue -- but I don't understand why there were so many instances of Firefox preparing to access the internet when I was not clicking on it all those times, the one time I did I got a message that it already was running, and there were no tabs on my screen to reflect all those supposed instances.
    Thanks for any insight that folks can offer.

    Were that Firefox processes or plugin-container processes?
    *http://kb.mozillazine.org/Plugin-container_and_out-of-process_plugins
    *https://support.mozilla.org/kb/What+is+plugin-container
    In case you are using "Clear history when Firefox closes", try to exclude the cookies in case you currently have selected this.
    *Tools > Options > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
    *https://support.mozilla.org/kb/Clear+Recent+History
    Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, and passwords.
    Firefox will try to remove cookies created by plugins in case you clear the cookies and that can result in plugin-container processes getting created.

  • No clarity on location of archive logs in Oracle 11g database

    I have this query which I am not able to resolve. There is one location of archive log mentioned as /oraarch/app/oracle/oradata/snlprod/archive_logs/ in the parameter log_archive_dest_1. But the archive logs are showing in another location /orabackup/rman/snlprod/archive_logs. I am wondering how the archive logs are showing in this location, /orabackup/rman/snlprod/archive_logs.
    I guess there is only one way in which location can be given which is seen from Availability->Recovery Settings->Media Recovery.
    I hope, my question is clear.
    Please revert with the reply to my query.
    Regards

    Must be
    show parameter db_recovery_file_dest
    If you want archived redo log send to /oraarch/app/oracle/oradata/snlprod/archive_logs
    then you must set  log_archive_dest_1 ='LOCATION= /oraarch/app/oracle/oradata/snlprod/archive_logs'
    log_archive_dest_1 is same before then it means your all  archvied redo log file will create in this directory
    Regards
    Mahir M. Quluzade

  • VPN connection - Firewall Log

    Hi there!
    I got VPN setup and running.
    But when connected, I get a huge list of denied acces in my server firewall log.
    This is just a small part of the list, its displaying a huge amount of ports:
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:63189 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:52190 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:51801 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:63187 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:62158 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:60736 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:49626 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:50363 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:64415 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:65084 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:49345 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:57670 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:63019 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:59496 192.168.0.116:53
    Client: 192.168.0.102
    Server: 192.168.0.116
    Anyone know whats causing this?
    Thanks!

    Hi there!
    I got VPN setup and running.
    But when connected, I get a huge list of denied acces in my server firewall log.
    This is just a small part of the list, its displaying a huge amount of ports:
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:63189 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:52190 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:51801 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:63187 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:62158 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:60736 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:49626 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:50363 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:64415 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:65084 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:49345 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:57670 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:63019 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:59496 192.168.0.116:53
    Client: 192.168.0.102
    Server: 192.168.0.116
    Anyone know whats causing this?
    Thanks!

  • Location of Redo log and control files?

    Dear all,
    I am checking the location of redo log and control files, but found that the redo log file (like log02a.dbf ....) in the same directory of data files. However, I couldn't find any control files in the data files directries.
    What could be the location of control files?
    Amy

    select name
      from v$controlfile
    or
    show parameter control_filesKhurram

  • Location of query log files in OBIEE 11g (version 11.1.1.5)

    Hi,
    I wish to know the Location of query log files in OBIEE 11g (version 11.1.1.5)??

    Hi,
    Log Files in OBIEE 11g
    Login to the URL http://server.domain:7001/em and navigate to:
    Farm_bifoundation_domain-> Business Intelligence-> coreapplications-> Dagnostics-> Log Messages
    You will find the available files:
    Presentation Services Log
    Server Log
    Scheduler Log
    JavaHost Log
    Cluster Controller Log
    Action Services Log
    Security Services Log
    Administrator Services Log
    However, you can also review them directly on the hard disk.
    The log files for OBIEE components are under <OBIEE_HOME>/instances/instance1/diagnostics/logs.
    Specific log files and their location is defined in the following table:
    Log Location
    Installation log                     <OBIEE_HOME>/logs
    nqquery log <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIServerComponent/coreapplication_obis1
    nqserver log <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIServerComponent/coreapplication_obis1
    servername_NQSAdminTool log      <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIServerComponent/coreapplication_obis1
    servername_NQSUDMLExec log                          <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIServerComponent/coreapplication_obis1
    servername_obieerpdmigrateutil log (Migration log)           <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIServerComponent/coreapplication_obis1
    sawlog0 log (presentation)                          <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIPresentationServicesComponent/coreapplication_obips1
    jh log (Java Host)                               <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIJavaHostComponent\coreapplication_obijh
    webcatupgrade log (Web Catalog Upgrade)                <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIPresentationServicesComponent/coreapplication_obips1
    nqscheduler log (Agents)                          <OBIEE_HOME>/instances/instance1/diagnostics/logsOracleBISchedulerComponent/coreapplication_obisch1
    nqcluster log                                    <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIClusterControllerComponent\coreapplication_obiccs1
    ODBC log                                    <OBIEE_HOME>/instances/instance1/diagnostics/logs/OracleBIODBCComponent/coreapplication_obips1
    opmn log                                    <OBIEE_HOME>/instances/instance1/diagnostics/logs/OPMN/opmn
    debug log                                    <OBIEE_HOME>/instances/instance1/diagnostics/logs/OPMN/opmn
    logquery log                               <OBIEE_HOME>/instances/instance1/diagnostics/logs/OPMN/opmn
    service log                                    <OBIEE_HOME>/instances/instance1/diagnostics/logs/OPMN/opmn
    opmn out                              <OBIEE_HOME>/instances/instance1/diagnostics/logs/OPMN/opmn
    Upgrade Assistant log                         <OBIEE_HOME>Oracle_BI1/upgrade/logs
    Regards
    MuRam

  • Re: How to interpret firewall log?

    I am presently employing advanced firewall settings on my iMac G5 running Tiger 10.4.7, i.e., block udp traffic, enable firewall logging, and enable stealth mode. When I opened the firewall log for the first time today, I realized I didn't know what I was looking at. Can someone help me interpret what's going on? I guess I'm wondering if stealth mode is working properly?
    Here's a sampling of what was happening several days ago:
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52668 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52671 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52678 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52679 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52681 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52688 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52690 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52691 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52693 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52692 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52694 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52695 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52699 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52700 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52698 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52696 from 66.230.172.18:80

    Yes it is working properly.
    These are often "tail-end charlies" from a connection you've left with your browser. If you move from one website to another, before the first one has fully loaded, then the firewall will log the un-used packets from the first site as "Stealth Mode connection attempt" because your browser is no longer listening to that site. Note that all the "attempts" are on port 80 (http).
    I find, quite often, that ads and images from sites, other than the one you're actually visiting, can take quite a while to arrive, so if you've moved on at least a few packets are wandering around the 'net looking for a home.

  • Norton Firewall logging connections from usr/sbin/nmbd every 6 seconds...  What is this, and how can I stop it?

    This whole situation first started with a complaint from my ISP that it appeared I had a trojan virus...  around 1100-1200 messages per hour were being run through their servers via my account.  I have also Anti-Virus enabled, so I was left scratching my head...
    No viruses found on a full scan - so I started watching processes and connections.  This nmbd process is suspicious...  I don't run windows file sharing, nor have I ever.  This just popped up recently.  I also had two mac tech support calls, and one to Symantec - and it ran fine for a couple of days - but it's back again. 
    What is this, and how can I find the culprit, and remove it permanently...?
    Thanks in advance for any advice!
    --Jeff

    Thanks Thomas, appreciate the insight!  Thanks for taking the time to help me think through this...
    I have reset the password  twice now...
    It's only impacting one account, and the ISP says it's local to me - somewhere on my local network.
    I do have a few devices on my home network.  The only one with windows is my macbook air running parallels.  I just use this to browse some web projects I work on (view in IE to make sure everything is looking like it should). 
    The passwords I have used both times - they were ones set by my isp - the type you can't remember, they seem rather strong (upper/lower case letters, numbers, symbols).  That's what leads me to believe it's also local - something on my machine.  And it only seems to be impacting one email account (I have 5 running in Mac Mail).
    WiFi network is protected by WPA2 - just checked to be sure.  All good there.
    Now, in Norton Firewall log - I can see incoming and outgoing connections via Windows File Sharing/nmbd. 
    The reason I feel/felt that this is related to the spam sends is that once I saw the number of connects, and roughly equals the number of sends per hour of spam - I stopped the process with the firewall and suddenly my isp says the spam sends stop. That led me to believe they are related. Perhaps this virus or malware has spoofed it's name and is identifying itself as nmbd?  I have no idea.  Just scared to turn it all off just yet.
    I did notice that Moutain Lion does not run this...  (nmbd).
    I did wonder about the Air sending something off of windows - but this all happened while it was off, laying on the desk next to me.  It rarely gets used unless I'm testing or traveling.
    I can understand nmbd being useful part of the system, I cannot understand how it would be very useful if I didn't turn it on, it connects at that frequency, and I don't have file sharing enabled.  That's why I am hesitant to turn Norton off, and hope that everything just goes away.  I want to try and get this problem figured out as simply turning Norton off doesn't seem like I'm taking steps to eliminate the problem.  Perhaps Norton is causing other issues - and I'll be removing the software asap - but want to make sure the spam sends cease.
    Let me know if that sparks any ideas...  Thanks again! 
    --Jeff

  • Firewall log - what's this mean?

    I had a hardware router/firewall and IP address server, just down stream from my cable modem until that device died this week. I've reconfigured what I had to use my Airport Graphite to distribute IP addresses and share a single IP address for all the devices on the home network "using NAT and DHCP" and connected 2 computers and a network printer with a simple Ethernet switch/hub. (BTW, this provides noticeably faster speed to the internet!) I already had the OS 10.4 firewall turned on in the 2 MacBooks, but I also now enabled Stealth Mode and for the first time "Firewall logging."
    So I later looked in the log file and I find:
    "Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
    Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
    Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
    Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80"
    10.0.1.8 is the IP for this MacBook. I think this says I'm being scanned by someone attempting to use port 52066 (???), from some other computer named 74.125.19.104 port 80 - is that correct? Should I be worried? Is there something else I should enable or disable? Naturally, I turned on the minimum number of services in the Firewall. BTW, how could I find out who/where 74.125.19.104 is? This went on for about 3 minutes last night but seems to have stopped now.
    I think this also makes me believe I should go back to a hardware firewall upstream, right at the 'port of entry,' but I don't see much for sale these days (at home prices) that is a true firewall. I know a new Airport Extreme Basestation says it has a "built-in firewall" but I can't find any information about that feature, ie is it more than just NAT translation? Does anyone have a recommendation for a reasonably priced, easy to set up and manage firewall?
    thanks!

    I have Snort NIDS running on my computer and get port scans similar to this reported to me all the time from numerous websites - for example, from these very discussions.apple.com forums. Port 443 is a server https port, your port 49235 is in all likelihood the randomly created outbound port that you initially established a web browsing connection with, hence, assuming this to be an established connection, it would have been forwarded through your router to your computer (to your 192.168.x.x address). This IPA belongs to akamai.com, I think they handle a lot of online purchasing and online billing stuff and stuff that requires logging in in some manner or another -- were you paying bills or buying something online or in an authenticated website at the time this occurred?
    I don't understand why these port scans from established connections to reputable web servers happen, but I don't believe them to be abnormal. Perhaps someone who is a subject matter expert in enterprise-class web servers could weigh in here and explain what may be going on here.

  • How do I locate the crash logs - OSX 10.8.5

    I cannot locate the crash logs on my Mac Pro.  Any advice?

    Launch the Console application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
    In the Console window, look under the heading DIAGNOSTIC AND USAGE INFORMATION on the left for crash or panic reports. If you don't see that heading, select
    View ▹ Show Log List
    from the menu bar.

  • Location of forms logs.

    Hi,
    I am new to Oracle EBS.
    I would like to know the location of forms logs in oracle EBS 11i and R12.
    thanks

    Please refer to these docs for the log files names/location.
    How To Find Location Of Install, Autoconfig, Patching , Clone And Other Logs In EBS R12 [ID 804603.1]
    E-Business File System Maintenance - Tech Stack Log and Temporary Files [ID 972440.1]
    Thanks,
    Hussein

  • Setting the location of HspEventLog.log

    Hi. Can anyone tell me how to change the location of HspEventLog.log? In our Development environment it currently resided at the root of C: which makes no sense at all. I suspect this is set using the configuration utility - correct? We are using Planning 9.2.
    Thanks
    Sean

    jts wrote:
    Sean,
    Trying a stab I had the same problem with planning logs and John told me the path set is in the regedit of your Planning server. In (going by memory) HKEY_Local_Machine/Software/Hyperion/Planning
    In here is two entries for error and out files. You know they are correct if they have a path of C:\
    JTSHi,
    Are you not getting confused with setting the error files for the standard planning web application, this is different than the hspeventlog.log which is created from using the planning desktop.
    It has been a while since I have used 9.2 but maybe it is defined in the planning desktop, the system folder setting?
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Stealth mode and firewall logging problems to be resolved please.

    I am running OS X v10.6.8 and am having difficulty setting stealth mode. System Preferences shows stealth mode to be switched on, but System Profiler shows it to be off, no matter how many times I set it and shut down/restart. System profiler also shows firewall logging to be switched off, but there is no facility within the Security/Firewall section of System Preferences to switch it on.

    I think the answer to this is if you have "Block all incoming connections" checked, then "Enable stealth mode" in Sys Prefs is checked but greyed out. Mine is set up that way and I'm seeing, like you, that Stealth Mode is off in System Profiler>Network>Firewall. If you have "Block all incoming" checked, then activating Stealth Mode becomes moot.
    I can only get it undimmed if I uncheck Block all incoming.

Maybe you are looking for