[Firewall] AIF logging
n.gerhards at ib-gerhards.de
Wed Feb 29 20:14:41 CET 2012
Thanks for your answers! Yes, it works. :-)
On 29.02.2012 14:36, Arno van Amersfoort wrote:
> On 02/27/2012 06:57 PM, Norbert Gerhards wrote:
>> I successfully installed AIF 2.0.1 on a debian squeeze server system.
>> I found the rsyslog.conf for debian in the contrib branch and copied
>> it into /etc
>> I edited firewall.conf, commenting out the logging to
>> I touched a firewall.log in /var/log
>> I restarted AIF and rsyslog respectively.
>> But: still everything from AIF is logged inside /var/log/syslog
>> Only the stop 'n start messages are inside /var/log/firewall.log
>> What have I missed or done wrong?
> You probably forgot to set the LOGLEVEL to debug in firewall.conf
You are right: I forgot that; corrected it, and it works.
>> My goal was to have all usual system messages in syslog, and _all_
>> AIF messages in firewall.log.
>> My second question with logging is:
>> The whole log file is full of messages regarding PRIV TCP Packets
>> trying to get connection on destination port 445.
>> I guess they are mis-configured (Windows?) servers, searching for
>> netbios connects on their _external_ (!) interface?
> Probably but it could also be caused by evil(tm) people trying to find
> "open" Windows shares
>> Is there any way I could filter these attempts out?
> Yes, use DENY_TCP_NOLOG & DENY_UDP_NOLOG
I've set both on 445, and yes, it works perfectly.
Greetings from Aachen (Germany)
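Before suppressing logging for a port with DENY_TCP_NOLOG / DENY_UDP_NOLOG, it is worth quantifying how much of the firewall log that port actually accounts for and how many distinct sources are behind it (a handful of chatty misconfigured hosts looks different from a wide scan). The script below is an added example written for this thread; it is not part of the message above and not AIF's own code. It assumes the kernel log lines carry an "AIF:" log prefix and the usual iptables SRC=/PROTO=/DPT= fields; the sample log lines are constructed for the demonstration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the shape of iptables kernel log entries as
# rsyslog writes them. The "AIF:" prefix is an assumption about the firewall's
# log prefix; it is not taken from the thread. Addresses are documentation ranges.
SAMPLE_LOG = """\
Feb 29 20:01:02 srv kernel: AIF:PRIV TCP packet: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=1234 DF PROTO=TCP SPT=3201 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 29 20:01:09 srv kernel: AIF:PRIV TCP packet: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=1235 DF PROTO=TCP SPT=3202 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 29 20:02:41 srv kernel: AIF:PRIV TCP packet: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=4411 DF PROTO=TCP SPT=1044 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 29 20:03:15 srv kernel: AIF:PRIV TCP packet: IN=eth0 OUT= SRC=198.51.100.80 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 29 20:04:00 srv kernel: AIF:Dropped UDP packet: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Feb 29 20:04:30 srv sshd[1234]: Accepted publickey for admin from 198.51.100.2 port 50000 ssh2
"""

# Pull the three fields we need out of an iptables log line.
FIELD_RE = re.compile(
    r"\bSRC=(?P<src>\S+)\b.*?\bPROTO=(?P<proto>\w+)\b.*?\bDPT=(?P<dpt>\d+)\b"
)


def parse_line(line, prefix="AIF:"):
    """Return (proto, dport, src) for a firewall log line, or None for any other line."""
    if prefix not in line:
        return None
    m = FIELD_RE.search(line)
    if not m:
        return None
    return m["proto"], int(m["dpt"]), m["src"]


def summarize(log_text, prefix="AIF:"):
    """Count logged drops per (proto, dport) and collect the distinct sources hitting each."""
    counts = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line, prefix)
        if parsed is None:
            continue
        proto, dport, src = parsed
        counts[(proto, dport)] += 1
        sources[(proto, dport)].add(src)
    return counts, sources


def noisy_ports(counts, threshold=0.5):
    """Return the (proto, dport) keys that make up at least `threshold` of all logged drops.

    These are the candidates for DENY_TCP_NOLOG / DENY_UDP_NOLOG. The operator still
    decides: once logging is off for a port, a deliberate scan of it is invisible too.
    """
    total = sum(counts.values())
    if total == 0:
        return []
    return [key for key, n in counts.items() if n / total >= threshold]


def report(log_text):
    """Print a per-port breakdown and the NOLOG candidates; return the candidates."""
    counts, sources = summarize(log_text)
    for (proto, dport), n in counts.most_common():
        print(f"{proto:4} dpt={dport:<5} drops={n:<4} distinct_sources={len(sources[(proto, dport)])}")
    candidates = noisy_ports(counts)
    for proto, dport in candidates:
        var = "DENY_TCP_NOLOG" if proto == "TCP" else "DENY_UDP_NOLOG"
        print(f"candidate for {var}: {dport}")
    return candidates


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

Run against the real /var/log/firewall.log by reading the file instead of SAMPLE_LOG; only lines carrying the firewall prefix are counted, so the sshd line in the sample is ignored. The threshold is deliberately crude: the point is to see the ratio and the source spread before adding a port to the NOLOG list, not to automate that decision.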