[Firewall] AIF logging
n.gerhards at ib-gerhards.de
Mon Feb 27 18:57:50 CET 2012
I successfully installed AIF 2.0.1 on a debian squeeze server system.
I found the rsyslog.conf for debian in the contrib branch and copied
it into /etc
I edited firewall.conf, commenting out the logging to /var/log/firewall.log
I touched a firewall.log in /var/log
I restarted AIF and rsyslog respectively.
But: still everything from AIF is logged inside /var/log/syslog
Only the stop 'n start messages are inside /var/log/firewall.log
What have I missed or done wrong?
My goal was to have all usual system messages in syslog, and _all_
AIF messages in firewall.log.
My second question with logging is:
The whole log file is full of messages regarding PRIV TCP Packets
trying to get connection on destination port 445.
I guess they are mis-configured (Windows?) servers, searching for
netbios connects on their _external_ (!) interface?
Is there any way I could filter these attempts out?
Thanks in advance for any help,