I want to log this in OSSEC (in alert.log)

/var/log/kern.log

Jan 31 21:52:55 gatlan kernel: DROP TRACEROUTE IN=ppp0 OUT= MAC= SRC="" DST=90.20.131.158 LEN=80 TOS=0x00 PREC=0xC0 TTL=248 ID=3575 PROTO=ICMP TYPE=3 CODE=1 [SRC="" DST=192.168.1.64 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=8857 DF PROTO=TCP SPT=2267 DPT=4662 WINDOW=65535 RES=0x00 SYN URGP=0 ]

/var/ossec/rules/firewall_rules.xml

  <rule id="4101" level="6">
    <if_sid>4100</if_sid>
    <action>DROP</action>
    <!-- <options>no_log</options> -->
    <description>Firewall drop event.</description>
    <group>firewall_drop,</group>
  </rule>


/var/ossec/etc/ossec.conf

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/kern.log</location>
  </localfile>



But nothing is logged by OSSEC...
