[LogReport] firewall / iptables report (was: baker 20031028) (fwd)

Francis J. Lacoste flacoste at logreport.org
Tue Oct 28 22:58:15 CET 2003


On Tue, 2003-10-28 at 15:50, Ray Finch wrote:
> Hi, I'm using Lire to monitor a debian linux iptables firewall. I can tell
> from /var/log/messages that plenty of packets are being denied. I've
> attached the report below. My question is, why am I getting all the 'no
> content in report' lines below when I know packets are being denied?

The problem is that there is no "standard" way to know why a packet
was logged with iptables. Whereas ipchains, cisco_ios, pix and other
packet filters log a well-known message to that effect, iptables leaves
the message part configurable by the user.

We use the following regex to categorize a packet as 'denied' by
iptables :

# Line 32 in iptables2dlf.in
my $denied_re = qr/deny|denied|drop|reject|unallowed/i;

So you can either change the regex for your configuration or change
your iptables configuration so that the logs are correctly detected by
the DLF converter.
-- 
Francis J. Lacoste              . .           http://www.logreport.org
/^LogReport$/               . .               flacoste at logreport.org
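A worked illustration of the classification step, added here as an example; it is not part of Francis's message or of Lire's code. It applies the regex quoted above to a few constructed iptables syslog lines (the field layout the iptables LOG target writes, with the user-chosen --log-prefix text sitting between "kernel:" and "IN=") and shows which packets the converter would count as denied and which would fall through and leave the report empty. The line parser, the field names, the sample lines and the helper names are assumptions made for this demonstration; the 29-character limit on --log-prefix is the kernel's.

```python
import re

# The Lire categorisation regex quoted in the message (iptables2dlf.in), case-insensitive.
DENIED_RE = re.compile(r"deny|denied|drop|reject|unallowed", re.IGNORECASE)

# Assumed layout of an iptables LOG line: the LOG target always emits
# "IN=<iface> OUT=<iface> ... SRC= DST= ... PROTO=", and whatever the rule's
# --log-prefix said appears between "kernel:" and "IN=".
IPTABLES_RE = re.compile(
    r"kernel:\s*(?P<prefix>.*?)\s*IN=(?P<iface_in>\S*)\s+OUT=(?P<iface_out>\S*)"
    r".*?\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+).*?\bPROTO=(?P<proto>\S+)"
)

# Constructed syslog lines (not taken from the original report): four iptables
# LOG lines written with different --log-prefix settings, plus one unrelated line.
SAMPLE_LOG = """\
Oct 28 15:42:01 fw kernel: FW-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=3456 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 28 15:42:03 fw kernel: DROP: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.1 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=6 PROTO=TCP SPT=40001 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 28 15:42:07 fw kernel: Rejected NetBIOS: IN=eth0 OUT= SRC=10.0.0.12 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=7 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 28 15:42:09 fw kernel: IN=eth0 OUT= SRC=10.0.0.20 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=8 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Oct 28 15:42:11 fw sshd[1234]: Accepted publickey for ray from 10.0.0.7 port 51234 ssh2
"""

# Kernel limit on the LOG target's prefix (iptables refuses longer values).
MAX_LOG_PREFIX_LEN = 29


def parse_iptables_line(line):
    """Return the packet fields of one iptables LOG line, or None for any other syslog line."""
    m = IPTABLES_RE.search(line)
    return m.groupdict() if m else None


def classify(prefix, denied_re=DENIED_RE):
    """Lire's decision: the packet counts as 'denied' only if the prefix matches the regex."""
    return "denied" if denied_re.search(prefix) else "unclassified"


def summarise(lines, denied_re=DENIED_RE):
    """Count how the converter would bucket each line.

    A non-zero 'unclassified' count is what shows up as 'no content in report':
    the packets were logged, but nothing tells the converter they were denied.
    """
    counts = {"denied": 0, "unclassified": 0, "not_iptables": 0}
    for line in lines:
        fields = parse_iptables_line(line)
        if fields is None:
            counts["not_iptables"] += 1
        else:
            counts[classify(fields["prefix"], denied_re)] += 1
    return counts


def with_extra_terms(*terms):
    """Fix on the Lire side: extend the regex with the site's own prefix words."""
    return re.compile("|".join([DENIED_RE.pattern, *map(re.escape, terms)]), re.IGNORECASE)


def prefix_is_detected(prefix):
    """Fix on the iptables side: check a proposed --log-prefix before putting it in a rule.

    The prefix must match the converter's regex and fit the kernel's length limit,
    e.g.  iptables -A INPUT -j LOG --log-prefix "DROP: "  followed by  -j DROP
    """
    return len(prefix) <= MAX_LOG_PREFIX_LEN and classify(prefix) == "denied"


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for line in lines:
        fields = parse_iptables_line(line)
        if fields:
            print(f"{classify(fields['prefix']):<13} prefix={fields['prefix']!r:<20} "
                  f"{fields['src']} -> {fields['dst']} {fields['proto']}")
    print("default regex:", summarise(lines))
    print("regex + FW-IN:", summarise(lines, with_extra_terms("FW-IN")))
    print("'DROP: ' detected:", prefix_is_detected("DROP: "))
```

With the regex as shipped, the "FW-IN:" line and the line logged with no prefix at all are parsed as packets but never counted as denied, which is exactly the situation in the question; either teaching the regex the local prefix word or re-logging with a prefix such as "DROP: " moves them into the denied bucket.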
