Re: Documentation for gufw message "UFW AUDIT"

[songbird <songbird@anthive.com>]

C.T.F. Jansen wrote:

> Greetings,
>
> Where is documentation that describes the messages from gufw or ufw please.
>
> Of particular interest are lines in syslog and journalctl output with
>
>                               UFW AUDIT
>
> in them. What does this mean ?
> There are queries on the Ubuntu forums but no usable answer. Nothing in 
> the man pages or /usr/share /ufw or for gufw. Seen nothing yet in the 
> iptables documentation.
> Nothing of use in /usr/share/doc/gufw or ufw. The website referred to 
> here for ufw.org has nothing to do with firewalls.
>
> Haven't read the gufw source code yet ...

  this seems to shed some light:

  https://askubuntu.com/questions/143371/what-do-ufws-audit-log-entries-mean

  also saw a suggestion to change the logging level to low 
seems appropriate if you don't want the messages or care to 
delve into them.

  yet if you want to understand the messages you'd have to 
look into the docs for the network protocols and perhaps
track down which programs are writing to or listening on
the various ports mentioned.

  at one time i cared to hunt such things down to spank
them, but that was some years ago now and i have nothing
that worthy to protect or spend that much time on.

  a program like fail2ban can be your personal spank 
administrator for erronious external sites that are
annoying enough.  i have no chickens in this fight in
any direction other than to keep the ones that peck
about to be not able to peck too badly to cause damage.


  songbird