[Firewall] AIF logging

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Wed Feb 29 14:36:27 CET 2012

On 02/27/2012 06:57 PM, Norbert Gerhards wrote:
> Hi,
> I successfully installed AIF 2.0.1 on a Debian squeeze server system.
> I found the rsyslog.conf for Debian in the contrib branch and copied
> it into /etc
> I edited firewall.conf, commenting out the logging to /var/log/firewall.log
> I touched a firewall.log in /var/log
> I restarted AIF and rsyslog respectively.
> But: still everything from AIF is logged inside /var/log/syslog
> Only the stop 'n start messages are inside /var/log/firewall.log
> What have I missed or done wrong?

You probably forgot to set the LOGLEVEL to debug in firewall.conf.

> My goal was to have all usual system messages in syslog, and _all_
> AIF messages in firewall.log.
> My second question with logging is:
> The whole log file is full of messages regarding PRIV TCP Packets
> trying to get connection on destination port 445.
> I guess they are mis-configured (Windows?) servers, searching for
> netbios connects on their _external_ (!) interface?
Probably, but it could also be caused by evil(tm) people trying to find
"open" Windows shares.

> Is there any way I could filter these attempts out?


> Thanks in advance for any help,
> Norbert
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
