[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Tool to analyze firewall messages



On Sun, 20 Oct 2002, Al Bogner wrote:

> In /var/log/messages I see messages like
>
> Oct 20 11:00:43 firewall kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT=
> MAC= SRC=61.0.114.198 DST=62.46.154.154 LEN=78 TOS=0x00 PREC=0x00
> TTL=101 ID=3969 PROTO=UDP SPT=62302 DPT=137 LEN=58
>
> I would like to see some whois data of the source IP in clear text
> and the destination port in clear text too. (Of course I know that
> 137 is the netbios-port)

Are you interested in these 2 informations only?
If so, would it be sufficient to hand over a script doing just that?

>
> Is there an analyzing tool for these messages? Maybe like webalizer?

What exactly do you mean ba "analyzing", statistics? tabular format?

>
> Where can I define the log-file in FW2? I would like to have an own
> fw-logfile to have a better overview of the other messages

I'm not shure how FW2 handles this, but to write in another log file than
/var/log/messages, you need the ulog extension to iptables, available at
	http://www.iptables.org/

Achim


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here