Brad Bendily wrote:

> 
> So, one last confirmation, my policy file mentioned earlier already
> has "info" as the LOG LEVEL for all the sources, so I'll get a log
> entry for any of the sources that are marked as DROP or REJECT?

And ACCEPT (assuming that you have 'LOG LEVEL' on those).

> And,
> if I add the ":info" to all of my other rules, I will get a log entry
> for any of those as well?

Yes! But if you have ACCEPT entries for ping and for DNS lookups, I would
think twice about logging those:

a) Do you really need to log every ping (remember that each echo-request
packet is in the NEW state)? Think about ping floods.

b) Are you really interested in who did DNS lookups to where?

> 
> And, I should really run ULOG to be optimal for realtime logging?
> 

You've already seen what can happen if you don't.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
