mrf76
June 30th, 2008, 11:22 AM
Hello,
Fwlogwatch don't work properly in Ubuntu because it can't count numbers of iptables events in syslog/syslog-ng and fwlogwatch output looks like there is always only one packet from source, which is not good. I believe that's problem is here:
Ubuntu FW syslog sample:
Jun 30 17:08:09 fw kernel: [247590.490623] FORWARD: IN=eth1 OUT=eth2 SRC=10.*.*.128 DST=213.129.*.* LEN=31 TOS=0x00 PREC=0x00 TTL=127 ID=27693 PROTO=UDP SPT=6970 DPT=8372 LEN=11
Suse FW syslog sample:
Jun 30 16:52:29 relay kernel: FW-in-drop: IN=eth0 OUT= MAC=*:*:* ... SRC=221.206.*.* DST=195.122.*.* LEN=485 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=42361 DPT=1027 LEN=465
Please, how can I get rid off these syslog kernel numbers? Thanks for your help.
Peter
Fwlogwatch don't work properly in Ubuntu because it can't count numbers of iptables events in syslog/syslog-ng and fwlogwatch output looks like there is always only one packet from source, which is not good. I believe that's problem is here:
Ubuntu FW syslog sample:
Jun 30 17:08:09 fw kernel: [247590.490623] FORWARD: IN=eth1 OUT=eth2 SRC=10.*.*.128 DST=213.129.*.* LEN=31 TOS=0x00 PREC=0x00 TTL=127 ID=27693 PROTO=UDP SPT=6970 DPT=8372 LEN=11
Suse FW syslog sample:
Jun 30 16:52:29 relay kernel: FW-in-drop: IN=eth0 OUT= MAC=*:*:* ... SRC=221.206.*.* DST=195.122.*.* LEN=485 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=42361 DPT=1027 LEN=465
Please, how can I get rid off these syslog kernel numbers? Thanks for your help.
Peter