Hello, I am trying to implement a simple NIDS based on fwlogwatch for my gateway, and I use ulogd for logging iptables rejected/dropped traffic.
Problem is, I don't want my users blocked because of EVERY traffic they generate that gets logged, so I am looking for a way for ulogd to use multiple logfiles, based on prefix chosen for rules. So far, I couldn't find it in the documentation in /usr/share/doc nor in netfilter's site. Does anybody know if it's even possible? Alternatively, I would be satisfied if fwlogwatch could ignore some selected prefixes of my choice, but that seems somewhat harder. Hope I'm wrong. regards FF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
