[Firewall] AIF logging
Arno van Amersfoort
arnova at rocky.eld.leidenuniv.nl
Wed Feb 29 14:36:27 CET 2012
On 02/27/2012 06:57 PM, Norbert Gerhards wrote:
> I successfully installed AIF 2.0.1 on a debian squeeze server system.
> I found the rsyslog.conf for debian in the contrib branch and copied
> it into /etc
> I edited firewall.conf, commenting out the logging to /var/log/firewall.log
> I touched a firewall.log in /var/log
> I restarted AIF and rsyslog respectively.
> But: still everything from AIF is logged inside /var/log/syslog
> Only the stop 'n start messages are inside /var/log/firewall.log
> What have I missed or done wrong?
You probably forgot to set the LOGLEVEL to debug in firewall.conf
> My goal was to have all usual system messages in syslog, and _all_
> AIF messages in firewall.log.
> My second question with logging is:
> The whole log file is full of messages regarding PRIV TCP Packets
> trying to get connection on destination port 445.
> I guess they are mis-configured (Windows?) servers, searching for
> netbios connects on their _external_ (!) interface?
Probably, but it could also be caused by evil(tm) people trying to find
"open" Windows shares.
> Is there any way I could filter these attempts out?
Yes, use DENY_TCP_NOLOG & DENY_UDP_NOLOG
> Thanks in advance for any help,
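As an added example (not part of AIF or of this thread), a small Python script that summarises iptables LOG lines such as those written to /var/log/firewall.log by protocol and destination port, so you can see which ports are pure background noise (many hits from many sources, port 445 in the case above) before adding them to DENY_TCP_NOLOG / DENY_UDP_NOLOG. The sample log lines are constructed; the "AIF:Priv TCP packet:" prefix and the space-separated port-list format of the DENY_*_NOLOG values are assumptions.

```python
"""Summarise iptables LOG lines by protocol and destination port (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in the kernel's iptables LOG format. The
# "AIF:Priv TCP packet:" prefix is an assumption about AIF's log prefix.
SAMPLE_LOG = """\
Feb 27 18:01:02 host kernel: AIF:Priv TCP packet: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP SPT=3421 DPT=445 SYN
Feb 27 18:01:03 host kernel: AIF:Priv TCP packet: IN=eth0 OUT= SRC=203.0.113.11 DST=198.51.100.5 PROTO=TCP SPT=3422 DPT=445 SYN
Feb 27 18:01:05 host kernel: AIF:Priv TCP packet: IN=eth0 OUT= SRC=203.0.113.12 DST=198.51.100.5 PROTO=TCP SPT=3423 DPT=445 SYN
Feb 27 18:01:09 host kernel: AIF:Priv UDP packet: IN=eth0 OUT= SRC=203.0.113.13 DST=198.51.100.5 PROTO=UDP SPT=137 DPT=137
Feb 27 18:02:00 host kernel: AIF:Priv TCP packet: IN=eth0 OUT= SRC=203.0.113.44 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=22 SYN
"""

FIELD_RE = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def parse_line(line):
    """Return (proto, dport, src) for one LOG line, or None if it is not one."""
    fields = dict(FIELD_RE.findall(line))
    if not all(k in fields for k in ("SRC", "PROTO", "DPT")):
        return None
    return fields["PROTO"], int(fields["DPT"]), fields["SRC"]

def summarise(text):
    """Map (proto, dport) -> (hit count, number of distinct source addresses)."""
    hits = Counter()
    sources = defaultdict(set)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            proto, dport, src = parsed
            hits[(proto, dport)] += 1
            sources[(proto, dport)].add(src)
    return {key: (hits[key], len(sources[key])) for key in hits}

def nolog_candidates(summary, min_hits=3):
    """Ports hit at least min_hits times, per protocol, as a space-separated
    list (the AIF DENY_*_NOLOG value format is assumed here)."""
    by_proto = defaultdict(list)
    for (proto, dport), (count, _) in sorted(summary.items()):
        if count >= min_hits:
            by_proto[proto].append(str(dport))
    return {proto: " ".join(ports) for proto, ports in by_proto.items()}

if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    for (proto, dport), (count, nsrc) in sorted(summary.items(), key=lambda kv: -kv[1][0]):
        print(f"{proto}/{dport}: {count} hits from {nsrc} sources")
    print("DENY_TCP_NOLOG candidates:", nolog_candidates(summary).get("TCP", ""))
```

Run it against a real firewall.log by replacing SAMPLE_LOG with the file contents; the distinct-source count helps separate broad scanning noise from a single host hammering one port, which you may want to keep logging.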