The Shorewall logs are also attached for ready reference:

May 30 16:06:09 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=x.x.68.114 DST=x.x.23.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35411 DF PROTO=TCP SPT=3983 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:09 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=x.x.68.114 DST=x.x.23.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35413 DF PROTO=TCP SPT=3983 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:10 ABCFirewall kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 SRC=x.x.68.114 DST=x.x.23.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35414 DF PROTO=TCP SPT=3983 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:11 ABCFirewall kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 SRC=x.x.68.95 DST=x.x.6.14 LEN=75 TOS=0x00 PREC=0x00 TTL=127 ID=59079 PROTO=UDP SPT=1025 DPT=53 LEN=55
May 30 16:06:11 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=x.x.68.114 DST=x.x.23.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35415 DF PROTO=TCP SPT=3984 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:12 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=x.x.68.114 DST=x.x.23.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35417 DF PROTO=TCP SPT=3984 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:12 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=x.x.68.114 DST=x.x.23.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35418 DF PROTO=TCP SPT=3984 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:14 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=x.x.68.159 DST=x.x.6.41 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=32085 DF PROTO=TCP SPT=1750 DPT=4040 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:16 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=x.x.68.200 DST=x.x.7.47 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=42965 DF PROTO=TCP SPT=3864 DPT=50000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:20 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=x.x.68.159 DST=x.x.6.41 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=32119 DF PROTO=TCP SPT=1751 DPT=4040 WINDOW=65535 RES=0x00 SYN URGP=0
Thanks & Regards
Gagan

On May 30, 10:21 am, [EMAIL PROTECTED] wrote:
> Dear Mailing List
>
> I am trying to connect the Shorewall logs with the OSSEC HIDS server.
>
> Shorewall is installed on the Red Hat 9 box with the OSSEC 1.5 agent.
> It is monitoring the default log files
> /var/log/messages
> /var/log/secure
> The Shorewall logs are generated in the file /var/log/messages.
> After connecting to the server it is sending the normal OS logs (session
> opened, session closed etc.) generated in /var/log/messages to the HIDS
> server, but not the firewall logs.
> The ossec.conf file states
>
> <localfile>
> <log_format>syslog</log_format>
> <location>/var/log/messages</location>
> </localfile>
>
> I had tried to change the config to
>
> <localfile>
> <log_format>iptables-shorewall</log_format>
> <location>/var/log/messages</location>
> </localfile>
>
> But after making that change the agent doesn't start and returns a
> config error.
> Can anyone suggest where I am going wrong, or what the method is for
> attaching Shorewall logs?
> Any help would be highly appreciated.
>
> Regards
> Gagan
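The lines Gagan attached show the exact shape a HIDS has to decode: a normal syslog prefix, then Shorewall's own "chain:ACTION:" prefix, then the standard netfilter LOG key=value fields. As an added example (not from this thread, from OSSEC, or from Shorewall), the Python below parses that format from a constructed sample, skips non-firewall syslog lines, and reports flows that were dropped repeatedly. The sample addresses are RFC 5737 documentation ranges and the hostnames, timestamps and threshold are assumptions for illustration only.

```python
import re
from collections import Counter

# Constructed sample input in the Shorewall/iptables syslog format shown in the
# thread. Addresses are RFC 5737 documentation ranges, not the poster's network;
# the last line is an unrelated syslog message that the parser must skip.
SAMPLE_LOG = """\
May 30 16:06:09 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=192.0.2.114 DST=198.51.100.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35411 DF PROTO=TCP SPT=3983 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:10 ABCFirewall kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 SRC=192.0.2.114 DST=198.51.100.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35414 DF PROTO=TCP SPT=3983 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:11 ABCFirewall kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 SRC=192.0.2.95 DST=198.51.100.14 LEN=75 TOS=0x00 PREC=0x00 TTL=127 ID=59079 PROTO=UDP SPT=1025 DPT=53 LEN=55
May 30 16:06:12 ABCFirewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=192.0.2.114 DST=198.51.100.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35417 DF PROTO=TCP SPT=3984 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:13 ABCFirewall kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 SRC=192.0.2.114 DST=198.51.100.101 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35420 DF PROTO=TCP SPT=3985 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
May 30 16:06:14 ABCFirewall sshd[2311]: pam_unix(sshd:session): session opened for user gagan
"""

# Syslog prefix, then the "Shorewall:<chain>:<action>:" prefix that Shorewall
# puts in front of the standard netfilter LOG fields.
_HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<fields>.*)$"
)
_INT_KEYS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW"}


def parse_shorewall_line(line):
    """Return a dict for one Shorewall kernel log line, or None for any other syslog line."""
    m = _HEADER.match(line.rstrip("\n"))
    if m is None:
        return None
    ev = {"ts": m["ts"], "host": m["host"], "chain": m["chain"],
          "action": m["action"], "flags": []}
    for tok in m["fields"].split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            # UDP lines carry LEN twice (IP total length, then UDP length); keep the first.
            if k in ev:
                continue
            ev[k] = int(v) if k in _INT_KEYS else v
        else:
            ev["flags"].append(tok)  # bare tokens such as DF or SYN
    return ev


def parse_log(text):
    """Parse a block of syslog text, keeping only the Shorewall events."""
    events = []
    for line in text.splitlines():
        ev = parse_shorewall_line(line)
        if ev is not None:
            events.append(ev)
    return events


def summarize_drops(events, threshold=2):
    """Count ACCEPT/DROP verdicts and report flows (src, dst, proto, dport) that were
    dropped at least `threshold` times, which is what a HIDS rule would key on."""
    verdicts = Counter(ev["action"] for ev in events)
    flows = Counter(
        (ev["SRC"], ev["DST"], ev["PROTO"], ev["DPT"])
        for ev in events if ev["action"] == "DROP"
    )
    repeated = {flow: n for flow, n in flows.items() if n >= threshold}
    return {"verdicts": dict(verdicts), "repeated_drops": repeated}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ev in evs:
        print(ev["ts"], ev["action"], ev["PROTO"],
              f'{ev["SRC"]}:{ev["SPT"]} -> {ev["DST"]}:{ev["DPT"]}', ev["flags"])
    print(summarize_drops(evs))
```

The regex anchors on the "kernel: Shorewall:" prefix, so ordinary syslog lines in the same /var/log/messages file (the session opened/closed messages Gagan mentions) are ignored rather than mis-parsed, and the chain and verdict are pulled out as separate fields before the generic key=value pass.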
