[Firewall] AIF logging

Norbert Gerhards n.gerhards at ib-gerhards.de
Mon Feb 27 18:57:50 CET 2012


I successfully installed AIF 2.0.1 on a Debian squeeze server system.

I found the rsyslog.conf for Debian in the contrib branch and copied
it into /etc.

I edited firewall.conf, commenting out the logging to /var/log/firewall.log

I touched a firewall.log in /var/log

I restarted AIF and rsyslog respectively.

But: still everything from AIF is logged inside /var/log/syslog
Only the stop 'n start messages are inside /var/log/firewall.log

What have I missed or done wrong?

My goal was to have all usual system messages in syslog, and _all_
AIF messages in firewall.log.

My second question with logging is:
The whole log file is full of messages regarding PRIV TCP Packets
trying to get connection on destination port 445.
I guess they are mis-configured (Windows?) servers, searching for
netbios connects on their _external_ (!) interface?

Is there any way I could filter these attempts out?

Thanks in advance for any help,

