Hi Brad,

We have verified it and opened an issue on our bug tracker:
https://jira.endian.com/browse/CORE-2487

Thank you very much for your report!

Daniele


> From: Brad Morgan <brad-mor...@comcast.net>
> Date: 2018-05-22 0:16 GMT+02:00
> Subject: [Efw-user] Logwatch summary doesn't match firewall log
> To: efw-user@lists.sourceforge.net
>
>
> I’m trying to reconcile a discrepancy in the logwatch summary with the
> contents of the /var/log/firewall log file.
>
> The summary (below) shows 32 packets dropped but the firewall log file
> (5.8MB) has 27,822 lines (3,242 for port 3389). I can provide the .log file
> if needed. Why doesn’t the logwatch show thousands of dropped packets?
>
> If the summary isn’t looking at the firewall log, what is it looking at?
> How can I feed the firewall.log file into logwatch to get a proper summary?
>
> We were being attacked at a fairly high rate on port 3389 and the internal
> systems the ports forwarded to were suffering (we have a /29 block of
> addresses). I have temporarily turned off the port forwards so now the
> firewall is blocking the traffic. I’m trying to determine the best solution
> for blocking the unwanted attacks at the firewall while still allowing the
> legitimate users access to the systems.
>
> ################### Logwatch 7.3.6 (05/19/07) ####################
>         Processing Initiated: Mon May 21 01:25:02 2018
>        Date Range Processed: yesterday
>                               ( 2018-May-20 )
>                               Period is day.
>       Detail Level of Output: 0
>               Type of Output: unformatted
>            Logfiles for Host: wscfw.westsidecares.local
> ##################################################################
>
>  --------------------- iptables firewall Begin ------------------------
>
> Listed by source hosts:
>
> Dropped 32 packets on interface eth1
>    From 10.1.10.1 - 3 packets to igmp(0)
>    From 23.23.241.229 - 2 packets to tcp(3389)
>    From 23.24.132.201 - 1 packet to tcp(23)
>    From 23.24.142.198 - 2 packets to igmp(0)
>    From 46.174.191.29 - 1 packet to tcp(8080)
>    From 49.51.85.194 - 2 packets to tcp(3389)
>    From 51.15.146.248 - 3 packets to tcp(3389)
>    From 90.151.207.87 - 1 packet to tcp(23)
>    From 107.155.164.102 - 2 packets to tcp(8141,8802)
>    From 113.197.36.89 - 1 packet to tcp(3389)
>    From 129.205.143.58 - 1 packet to tcp(23)
>    From 139.60.160.173 - 2 packets to tcp(3389)
>    From 162.244.34.113 - 1 packet to tcp(3389)
>    From 185.244.25.136 - 1 packet to udp(53413)
>    From 195.29.61.46 - 3 packets to tcp(3389)
>    From 200.116.108.65 - 1 packet to tcp(3389)
>    From 212.129.41.52 - 1 packet to tcp(22)
>    From 212.154.6.104 - 1 packet to tcp(23)
>    From 218.204.51.186 - 3 packets to tcp(3389)
>
>  ---------------------- iptables firewall End -------------------------
>
>  ###################### Logwatch End #########################
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Efw-user mailing list
> Efw-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/efw-user
>
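One way to reconcile the two numbers Brad describes (32 packets in the logwatch summary versus 27,822 lines in /var/log/firewall) is to count the dropped packets straight from the log file in the same per-source, per-port layout logwatch uses. The script below is an added example, not code from the original thread or from Endian; it assumes the log lines are standard netfilter LOG records with SRC=/PROTO=/DPT= fields and a "DROP" log prefix, the file name fwsummary.py is hypothetical, and the sample lines are constructed.

```python
import ipaddress
import re
import sys
from collections import Counter, defaultdict

# Key=value fields of a netfilter LOG record (the field names are the kernel's).
FIELD_RE = re.compile(r'\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)')

def parse_line(line):
    """Netfilter fields of one syslog line, or None for non-netfilter lines."""
    fields = dict(FIELD_RE.findall(line))
    return fields if 'SRC' in fields and 'PROTO' in fields else None

def summarize(lines, iface=None, marker='DROP'):
    """Count packets per source and proto(dport) for lines whose log prefix
    contains `marker`, optionally limited to one inbound interface."""
    total, per_src = 0, defaultdict(Counter)
    for line in lines:
        f = parse_line(line) if marker in line else None
        if f is None or (iface and f.get('IN') != iface):
            continue
        per_src[f['SRC']][f"{f['PROTO'].lower()}({f.get('DPT', '0')})"] += 1
        total += 1
    return total, per_src

def render(total, per_src, iface):
    """Lay the counts out like the logwatch iptables section, sources in IP order."""
    ip_key = lambda s: (ipaddress.ip_address(s).version, int(ipaddress.ip_address(s)))
    out = [f'Dropped {total} packets on interface {iface}']
    for src in sorted(per_src, key=ip_key):
        for svc, n in sorted(per_src[src].items()):
            out.append(f"   From {src} - {n} packet{'s' if n != 1 else ''} to {svc}")
    return '\n'.join(out)

# Constructed sample lines (RFC 5737 addresses), not from any real log.
SAMPLE = """\
May 20 03:14:07 fw kernel: DROP IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=41234 DPT=3389 SYN URGP=0
May 20 03:14:09 fw kernel: DROP IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=41235 DPT=3389 SYN URGP=0
May 20 03:15:01 fw kernel: DROP IN=eth1 OUT= SRC=192.0.2.44 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=5555 DPT=23 SYN URGP=0
May 20 03:15:30 fw kernel: DROP IN=eth1 OUT= SRC=192.0.2.9 DST=203.0.113.5 LEN=68 PROTO=UDP SPT=53413 DPT=53413 LEN=48
May 20 03:16:00 fw kernel: ACCEPT IN=eth1 OUT= SRC=192.0.2.9 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=1000 DPT=22 SYN URGP=0
May 20 03:16:10 fw kernel: DROP IN=eth0 OUT= SRC=10.0.0.3 DST=10.0.0.1 LEN=40 PROTO=TCP SPT=1000 DPT=3389 SYN URGP=0
May 20 03:16:12 fw cron[77]: DROP of stale sessions finished
"""

if __name__ == '__main__':
    # python3 fwsummary.py [/var/log/firewall] [iface]; with no arguments the sample is used.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    iface = sys.argv[2] if len(sys.argv) > 2 else 'eth1'
    print(render(*summarize(lines, iface), iface))
```

If the per-port totals this produces for port 3389 are far above what logwatch reports, logwatch is reading a different file (or only the current day's rotation), which is the first thing to check in its configuration.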