Are you speaking of log entries like these? --- May 7 00:15:22 lanner kernel: [1331862.087653] Denied-by-mangle:blockSetDrop IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=85.104.239.148 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 TTL=236 ID=28662 DF PROTO=TCP SPT=59418 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 May 7 00:17:31 lanner kernel: [1331991.422047] Denied-by-filter:INPUT IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=5.188.11.131 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=17762 PROTO=TCP SPT=48786 DPT=22740 WINDOW=1024 RES=0x00 SYN URGP=0 May 6 05:13:39 lanner kernel: [1263359.277850] Denied-by-filter:INPUT IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=198.211.97.48 DST=73.n.n.133 LEN=30 TOS=0x00 PREC=0x20 TTL=53 ID=0 DF PROTO=UDP SPT=49076 DPT=1434 LEN=10 ----
On Sun, 2 Sep 2018 07:38:19 -0400 Wayne Sallee <[email protected]> wrote: > Thanks, I've been there already, but was not able to find anything that tells > how to read the logs. > > Wayne Sallee > [email protected] > http://www.WayneSallee.com > > -------- Original Message -------- > *Subject: *SV: SV: netfilter mailing list abandoned > *From: *André Paulsberg-Csibi (IBM Consultant) > <[email protected]> > *To: *'Wayne Sallee' <[email protected]>, [email protected] > <[email protected]> > *Date: *09/01/2018 05:26 PM > > I will just assume you mean the syntax for making your own log in either > > iptables / nftables , I would assume this is a good place to start -> > > https://netfilter.org/projects/iptables/index.html > > > > However logging typically is "yours to design" and all can be logged , but > > unless you make specific "rules" for it nothing will be logged . > > > > IF on the other hand you want to understand the syntax in the output , you > > need to explain or show some examples . > > > > > > Best regards > > André Paulsberg-Csibi > > Senior Network Engineer > > IBM Services AS > > > > > > Sensitivity: Internal > > > > -----Opprinnelig melding----- > > Fra: [email protected] <[email protected]> På > > vegne av Wayne Sallee > > Sendt: lørdag 1. september 2018 17.36 > > Til: [email protected] > > Emne: Re: SV: netfilter mailing list abandoned > > > > My question on that thread was: > > > > "Where is a good place to learn how to understand firewall logs?" > > > > What is hard to understand about that question? > > Doesn't netfilter contribute to the firewall logs? > > > > Is there a better mailing list for this subject, that has not been > > abandoned? > > > > Wayne Sallee > > [email protected] > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.WayneSallee.com&data=02%7C01%7CAndre.Paulsberg-Csibi%40evry.com%7C29e0e6bf02664307a04808d610209d6f%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636714129600745714&sdata=DjKC1ADigXXyQIqOi6NE459IcCT2yrSZDiPuspiSZEg%3D&reserved=0 > > > > -------- Original Message -------- > > *Subject: *SV: netfilter mailing list abandoned > > *From: *André Paulsberg-Csibi (IBM Consultant) > > <[email protected]> > > *To: *'Wayne Sallee' <[email protected]>, [email protected] > > <[email protected]> > > *Date: *08/29/2018 02:42 PM > >> Nope , last activity was on Thursday 23. 20:34 , except your mail Friday > >> 24. > >> > >> I cannot tell why nobody responded , I did not respond during the weekend > >> as I was away and after I saw it I could not "imagine" what exactly you > >> was asking ( which may or may not be the reason no one else answered > >> either ) > >> > >> > >> > >> Best regards > >> André Paulsberg-Csibi > >> Senior Network Engineer > >> IBM Services AS > >> > >> > >> Sensitivity: Internal > >> > >> -----Opprinnelig melding----- > >> Fra:[email protected] <[email protected]> På > >> vegne av Wayne Sallee > >> Sendt: onsdag 29. august 2018 16.31 > >> Til:[email protected] > >> Emne: netfilter mailing list abandoned > >> > >> Has this mailing list been abandoned? > >> > >> Wayne Sallee > >> [email protected] > >> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.WayneSallee.com&data=02%7C01%7CAndre.Paulsberg-Csibi%40evry.com%7C29e0e6bf02664307a04808d610209d6f%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636714129600745714&sdata=DjKC1ADigXXyQIqOi6NE459IcCT2yrSZDiPuspiSZEg%3D&reserved=0 > >> >
