Re: logging with firehol
Jonas Meurer (jonas@freesources.org) is reported to have said:
> On 29/05/2004 Gian Piero Carrubba wrote:
> > As said, I don't use firehol, so I can't help about how you can do that,
> > nevertheless I'm sure you can.
> > Generally speaking, you need a kernel with support for ulog target and
> > netlink device, a running ulogd daemon and an iptables rule that
> > redirects packages to ULOG target (instead of LOG).
>
> ok, so loaded the ipt_ULOG module, and installed ulogd, but now i don't
> know how to go on.
>
> > With ulogd you can log to a specified file or to a running sql server
> > (mysql and postgres supported, not sure about others). Can't remember if
> > other possibilities allowed (they are enough for my needs).
>
> mh, i think logging all the reject/drop notes like the one at the
> initial thread post to one specified file would be interesting.
>
> Any idea how to simply direct all iptables messages to ulog?
In /etc/filhol
# ----------------------------------------------------------------------------
# CUSTOM SERVICES
# ----------------------------------------------------------------------------
# See the section "Adding Services" in the documentation
# Example service x, listening on port TCP/z
# > server_x_ports="tcp/z"
# > client_x_ports="default"
FIREHOL_LOG_MODE="ULOG"
FIREHOL_LOG_LEVEL="--log-level warning"
FIREHOL_LOG_OPTIONS="--log-tcp-options --log-ip-options"
FIREHOL_LOG_FREQUENCY="1/second"
#FIREHOL_LOG_FREQUENCY="30/minute"
#FIREHOL_LOG_BURST="5"
FIREHOL_LOG_BURST="2"
The log file is
/var/log/ulog/syslogemu.log
Using firehol 1.182+cvs+20040325-2
Wayne
--
Computer programmers do it byte by byte.
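
The following is an added example, not part of the original message or of firehol/ulogd: a small parser that summarises packet entries from a file such as /var/log/ulog/syslogemu.log. It assumes the syslog-style KEY=VALUE layout of the kernel LOG target; the sample lines, hostname and log prefix are constructed. With logging rate-limited as in the settings above (1/second, burst 2), the counts are a lower bound on the packets actually matched.

```python
import re
from collections import Counter

# Syslog-style header, then whatever prefix the rule set, then the first field.
HEADER = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*?)\s*\bIN=")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=VALUE; bare flags (SYN, DF) are skipped

# Constructed sample lines (made-up host and prefix, documentation addresses).
SAMPLE = """\
May 29 21:14:03 gw 'IN-world':IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=22 SEQ=1 ACK=0 WINDOW=5840 SYN URGP=0
May 29 21:14:04 gw 'IN-world':IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=40113 DPT=22 SEQ=1 ACK=0 WINDOW=5840 SYN URGP=0
May 29 21:14:09 gw 'IN-world':IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=00 PREC=0x00 TTL=49 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
May 29 21:15:00 gw ulogd restarted
"""

def parse_line(line):
    """Return one log entry as a dict, or None if it is not a packet line."""
    m = HEADER.match(line)
    if m is None:
        return None
    fields = dict(FIELD.findall(line[m.end() - 3:]))  # restart at "IN="
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    return {"time": m.group(1), "host": m.group(2), "prefix": m.group(3), **fields}

def summarize(text):
    """Count entries per (prefix, source, protocol, destination port)."""
    hits, skipped = Counter(), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        # ICMP and other port-less protocols have no DPT field.
        hits[(rec["prefix"], rec["SRC"], rec["PROTO"], rec.get("DPT", "-"))] += 1
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE)
    for key, n in hits.most_common():
        print(n, *key)
    print("non-packet lines skipped:", skipped)
```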