Solved

Need assistance interpreting Sonicwall log

Posted on 2010-09-23
Last Modified: 2013-11-16
We have a Sonicwall TZ210 installed behind our Netgear DSL modem. The daily log is emailed to me, but I've had problems interpreting it. The following records are in the logs every day. Can someone tell me what they mean?

09/22/2010 06:00:28.016 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:05:26.832 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:10:26.688 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:15:26.544 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:20:26.400 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:25:26.256 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:30:26.112 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:35:25.928 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:40:25.784 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:45:25.640 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 



09/22/2010 09:10:23.736 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:15:23.592 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:18:37.720 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:20:23.448 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:25:23.304 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:30:23.160 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:23.016 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:43.432 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 	192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:40:22.848 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:45:22.704 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:50:22.560 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:52:47.528 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 -192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx


Question by:Tony Giangreco
10 Comments
 
LVL 6

Expert Comment

by:jkratzer
ID: 33749816
Do you have the sonicwall attempting to do a PPP to your upstream provider?

What type of internet connection do you have???   DSL/T1/Other?

Is the IP address 192.168.0.175 an IP within your network?

It looks like you have someone on the inside trying to do a PPP connection to your TZ.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33751079
jkratzer is on the right track with DSL.  The messages you get are normal for PPPoE which DSL uses.  You can safely disregard them.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753134
We are not uploading anything upstream. We have two types of users:

1. Connect from their laptop inside the facility and use outlook on our server that is behind the firewall
2. remote users connect via sslvpn to check mail and open documents from remote locations.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33753413
but, the question is, do you have a DSL type Internet?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753439
Yes
0
 
LVL 33

Expert Comment

by:digitap
ID: 33753678
then, that's what those messages are...communication between the sonicwall and the PPPoE provider.  did they occur suddenly?  did you only recently start receiving the log files via email?  why the concern all of a sudden?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753784
The firewall was installed in April and these messages have been in the logs from the first day of operation.

Is there a starter video or tutorial available that describes the log messages?
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33753829
ah, I see.  regarding your last question, not really.  i've been working with these sonicwall appliances for a number of years and have seen these messages on all the DSL setups.  i just did a quick scan of the sonicwall KB (http://www.sonicwall.com/us/support/kb.asp)...a great resource by the way...and I can't find anything describing the messages.  I scanned through the sonicwall forums and i find information similar to what i posted above.
0
 
LVL 25

Author Closing Comment

by:Tony Giangreco
ID: 33775783
Thanks
0
 
LVL 33

Expert Comment

by:digitap
ID: 33775807
Thanks for the points!
0
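A triage script for the emailed log format shown in the question, added here as an example and not part of the original thread or any SonicWall tool. It counts the periodic PPP keepalive entries the answers describe as normal and lists every non-Info entry, such as the "IP spoof dropped" alerts, separately. The field names and the function names `parse_line` and `triage` are this example's own labels.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the log in the question (redactions kept as posted).
SAMPLE = (
    "09/22/2010 09:10:23.736 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - \t0.0.0.0 - \t \n"
    "09/22/2010 09:15:23.592 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - \t0.0.0.0 - \t \n"
    "09/22/2010 09:18:37.720 - Alert - Intrusion Prevention - \tIP spoof dropped - \txx.xx.xx.xx, 123, X0 - 192.168.0.175, 123, X0, Server8 - \tMAC address: 00:b0:d0:74:xx:xx\n"
    "09/22/2010 09:20:23.448 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - \t0.0.0.0 - \t \n"
    "09/22/2010 09:52:47.528 - Alert - Intrusion Prevention - \tIP spoof dropped - \txx.xx.xx.xx, 123, X0 -192.168.0.175, 123, X0, Server8 - \tMAC address: 00:b0:d0:74:xx:xx\n"
)

# Field labels are assumptions of this example, chosen to match the column order seen above.
FIELDS = ("time", "priority", "category", "message", "source", "destination", "notes")
# Fields are separated by " - ", but tabs and a missing space after "-" both occur.
SEP = re.compile(r"\s+-\s*")

def parse_line(line):
    """Split one log line into a dict, or return None if it is not a log record."""
    parts = SEP.split(line.strip(), maxsplit=len(FIELDS) - 1)
    if len(parts) < 4:
        return None
    parts += [""] * (len(FIELDS) - len(parts))
    rec = dict(zip(FIELDS, parts))
    try:
        rec["time"] = datetime.strptime(rec["time"], "%m/%d/%Y %H:%M:%S.%f")
    except ValueError:
        return None
    return rec

def triage(text):
    """Return (counts of Info messages, non-Info records, seconds between LCP echoes)."""
    routine, review, gaps, last_echo = Counter(), [], [], None
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["priority"] != "Info":
            review.append(rec)          # Alert and other levels: read these individually
            continue
        routine[(rec["category"], rec["message"])] += 1
        if rec["category"] == "PPP" and "LCP Echo Request" in rec["message"]:
            if last_echo is not None:
                gaps.append((rec["time"] - last_echo).total_seconds())
            last_echo = rec["time"]
    return routine, review, gaps

if __name__ == "__main__":
    routine, review, gaps = triage(SAMPLE)
    for (cat, msg), n in routine.items():
        print(f"routine x{n}: [{cat}] {msg}")
    print("echo interval (s):", [round(g, 3) for g in gaps])
    for r in review:
        print(f"REVIEW {r['time']} {r['priority']} {r['message']}: {r['source']} -> {r['destination']} ({r['notes']})")
```
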
