Solved

Need assistance interpreting Sonicwall log

Posted on 2010-09-23
Last Modified: 2013-11-16
We have a Sonicwall TZ210 installed behind our Netgear DSL modem. The daily log is emailed to me, but I've had problems interpreting it. The following records are in the logs every day. Can someone tell me what they mean?

09/22/2010 06:00:28.016 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:05:26.832 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:10:26.688 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:15:26.544 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:20:26.400 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:25:26.256 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:30:26.112 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:35:25.928 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:40:25.784 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:45:25.640 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 



09/22/2010 09:10:23.736 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:15:23.592 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:18:37.720 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:20:23.448 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:25:23.304 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:30:23.160 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:23.016 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:43.432 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 	192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:40:22.848 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:45:22.704 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:50:22.560 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:52:47.528 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 -192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx


Question by:Tony Giangreco
10 Comments
 
LVL 6

Expert Comment

by:jkratzer
ID: 33749816
Do you have the sonicwall attempting to do a PPP to your upstream provider?

What type of internet connection do you have?   DSL/T1/Other?

Is the IP address 192.168.0.175 an IP within your network?

It looks like you have someone on the inside trying to do a PPP connection to your TZ.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33751079
jkratzer is on the right track with DSL.  The messages you get are normal for PPPoE, which DSL uses.  You can safely disregard them.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753134
We are not uploading anything upstream. We have two types of users:

1. Connect from their laptop inside the facility and use Outlook on our server that is behind the firewall
2. Remote users connect via sslvpn to check mail and open documents from remote locations.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33753413
but, the question is, do you have a DSL type Internet?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753439
Yes
0
 
LVL 33

Expert Comment

by:digitap
ID: 33753678
then, that's what those messages are...communication between the sonicwall and the PPPoE provider.  did they occur suddenly?  did you only recently start receiving the log files via email?  why the concern all of a sudden?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753784
The firewall was installed in April and these messages have been in the logs from the first day of operation.

Is there a starter video or tutorial available that describes the log messages?
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33753829
ah, I see.  regarding your last question, not really.  i've been working with these sonicwall appliances for a number of years and have seen these messages on all the DSL setups.  i just did a quick scan of the sonicwall KB (http://www.sonicwall.com/us/support/kb.asp)...a great resource by the way...and I can't find anything describing the messages.  I scanned through the sonicwall forums and i find information similar to what i posted above.
0
 
LVL 25

Author Closing Comment

by:Tony Giangreco
ID: 33775783
Thanks
0
 
LVL 33

Expert Comment

by:digitap
ID: 33775807
Thanks for the points!
0
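An added example, not part of the original thread: a short Python script that parses lines in the layout quoted in the question, sets the periodic PPP LCP echo entries aside (reporting the interval between them), and counts whatever remains so it is not buried in the keepalive noise. The field names and function names are assumptions made for this example; the sample lines are taken from the log excerpt in the question.

```python
import re
from collections import Counter
from datetime import datetime

# Sample lines in the layout of the emailed log quoted in the question.
# The last line reproduces the "-192.168..." variant with no space after the dash.
SAMPLE = """\
09/22/2010 09:10:23.736 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 0.0.0.0 -
09/22/2010 09:15:23.592 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 0.0.0.0 -
09/22/2010 09:18:37.720 - Alert - Intrusion Prevention - IP spoof dropped - xx.xx.xx.xx, 123, X0 - 192.168.0.175, 123, X0, Server8 - MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:20:23.448 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 0.0.0.0 -
09/22/2010 09:52:47.528 - Alert - Intrusion Prevention - IP spoof dropped - xx.xx.xx.xx, 123, X0 -192.168.0.175, 123, X0, Server8 - MAC address: 00:b0:d0:74:xx:xx
"""

# Field names are assumed labels for the seven dash-separated columns.
FIELDS = ("time", "priority", "category", "message", "source", "destination", "notes")


def parse_line(line):
    """Split one log line into its columns; tolerate tabs and a missing space after '-'."""
    parts = [p.strip() for p in re.split(r"\s+-\s*", line.strip(), maxsplit=6)]
    parts += [""] * (len(FIELDS) - len(parts))  # pad short lines
    rec = dict(zip(FIELDS, parts))
    rec["time"] = datetime.strptime(rec["time"], "%m/%d/%Y %H:%M:%S.%f")
    return rec


def triage(text):
    """Separate LCP echo keepalives from everything else and summarise both."""
    keepalives, other = [], Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["category"] == "PPP" and "LCP Echo Request" in rec["message"]:
            keepalives.append(rec["time"])
        else:
            key = (rec["priority"], rec["message"], rec["source"], rec["destination"])
            other[key] += 1
    # Seconds between consecutive keepalives; a steady value indicates a periodic timer.
    gaps = [(b - a).total_seconds() for a, b in zip(keepalives, keepalives[1:])]
    return {"keepalives": len(keepalives), "gaps": gaps, "other": other}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("LCP echo entries:", result["keepalives"], "gaps (s):", result["gaps"])
    for key, count in result["other"].most_common():
        print(count, "x", " | ".join(key))
```
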

Question has a verified solution.