Re: [gb-users] Logging in 3.4.2

Wed, 17 Mar 2004 11:57:43 -0800 

On Wed, 17 Mar 2004, Scheldebouw wrote:

> I upgraded from 3.3.2 to 3.4.2. The old version was setup to not log NAT
> and WWW information. This has been re-enabled when I upgraded to 3.4.2.
> To disabled it again I tried to set the "NAT Facility" and "WWW Facility"
> (in Services; Remote Logging) to "None" as described it the on-line  help.

Alas, this is a bug in the documentation.

Logging changed between 3.3 and 3.4, both Remote and local to the
firewall.

To disable logging of NAT opens and closes, open the Filters>Preferences
section.

Under "Default Logging" uncheck Log for Tunnel opens and Tunnel closes.

This will disable logging of opens and closes (closes is selected by
default. Opens is usually only used for debugging..) for any filter with
"Default" selected under log, as well as for Automatic filters.

Unchecking the Tunnel closes option above will also prevent the logging of
WWW accesses.

If you'd like to only log or not log WWW accesses (without changing the
Filter Preferences), you should create an outbound filter for WWW access,
and select the Log: Yes or Log: No as appropriate.

Such as (these are from 3.5, but 3.4 would be similar):

     4 # Allow protected interface WWW access to anywhere and log it.
       Accept notice "PROTECTED" TCP  log trafficShaping  weight 5
          from ANY_IP
            to ANY_IP 80

     4 # Allow protected interface WWW access to anywhere and dont log.
       Accept notice "PROTECTED" TCP  nolog trafficShaping  weight 5
          from ANY_IP
            to ANY_IP 80


Do note that selecting Log: Yes on a filter will log Opens, Closes, and
Accepts (or Blocks in the event of a Deny filter).



These new methods are a bit more complicated, but give the firewall
administrator much better control over what is and is not logged.

Hope this helps.

-- 
David Raistrick
        Systems Administrator - Global Technology Associates, Inc
 [EMAIL PROTECTED]
        Disclaimer:  All opinions expressed are the opinions of
        David Raistrick, not necessarily those of GTA, Inc.

------------------------------------------------------
To unsubscribe:           [EMAIL PROTECTED]
For additional commands:         [EMAIL PROTECTED]
Archive:  http://archives.gnatbox.com/gb-users/

Reply via email to