> > Is there a way that I can log an initial handshake until a session is
> > established?
>
> Use plain old LOG rules in the rules file. LOGALLNEW is intended as a
> debugging aid to be used infrequently and not something for continuous
> network auditing.

These are my existing rules from the internal network to the external internet:

    ACCEPT    sal    ext    tcp    80,443

OK, so all of my rules look like the line above. To add LOG rules, is it best to do one rule like this:

    ACCEPT:info    sal    ext    tcp    80,443

or have two rules like:

    LOG       sal    ext    tcp    80,443
    ACCEPT    sal    ext    tcp    80,443

Also, my policy file looks like this:

    lab      ext    ACCEPT    info
    scan     ext    ACCEPT    info
    eng      ext    ACCEPT    info
    eng      lab    ACCEPT    info
    roade    lab    ACCEPT    info
    ext      all    DROP      info

The "info" should be what tells the system what to log by default, if there is not a rule specified? And this should mean that any incoming packets are dropped and logged if they don't match a specific rule allowing them, unless they're ESTABLISHED or RELATED to an existing connection?

> I really advise against using Netfilter for network auditing at all. But if
> you must, just use plain Shorewall logging rules with the ULOG pseudo log
> level and run ulogd to write the records to disk (possibly into a SQL
> database).

If I'm using Shorewall to create the iptables config and load it, won't I be using the default Shorewall logging capabilities? I'm not necessarily doing network auditing, I just want to be able to check for specific IP addresses that are either incoming or outgoing and be able to find out if something was sent in/out. It's not something I do daily, just if someone asks if something was done, then I need to search the logs.

Is using ulogd that much more beneficial than the default /var/log/messages?

Thanks
Brad B.

--
Have Mercy & Say Yeah
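
Added example (not part of the original message and not Shorewall's own code): one way to do the occasional "was anything sent to or from this address" lookup described above, by parsing the SRC= and DST= fields of logged packets instead of grepping for a substring. The sample lines are constructed; the "Shorewall:<chain>:<disposition>:" prefix and the sal2ext/ext2all chain names are assumptions about the log format in use, and find_ip is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: kernel LOG lines with a "Shorewall:<chain>:<disposition>:"
# prefix (assumed log format); zone names follow the post, addresses are
# documentation ranges. The last line is unrelated syslog noise.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: Shorewall:sal2ext:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.10.25 DST=203.0.113.7 LEN=60 TTL=63 PROTO=TCP SPT=51544 DPT=443 SYN
Mar  3 10:15:09 fw kernel: Shorewall:ext2all:DROP:IN=eth0 OUT= SRC=203.0.113.70 DST=198.51.100.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Mar  3 10:15:30 fw kernel: Shorewall:sal2ext:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.10.31 DST=203.0.113.7 LEN=60 TTL=63 PROTO=TCP SPT=51620 DPT=80 SYN
Mar  3 10:16:00 fw sshd[812]: Connection closed by 203.0.113.7 port 50022
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<fields>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")


def find_ip(log_text, target):
    """Return logged packets whose SRC or DST falls in target (address or CIDR)."""
    net = ipaddress.ip_network(target, strict=False)
    hits = []
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue  # not a Shorewall packet record
        f = dict(FIELD.findall(m.group("fields")))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed record
        if src in net:
            role = "source"
        elif dst in net:
            role = "destination"
        else:
            continue
        hits.append({"chain": m.group("chain"), "disposition": m.group("disp"),
                     "role": role, "src": str(src), "dst": str(dst),
                     "proto": f.get("PROTO"), "dport": f.get("DPT")})
    return hits


if __name__ == "__main__":
    for hit in find_ip(SAMPLE_LOG, "203.0.113.7"):
        print(hit)
```

Matching on parsed addresses keeps a search for 203.0.113.7 from also returning 203.0.113.70, which a plain substring grep would do, and it ignores non-firewall lines that merely mention the address.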