On 7/28/10 8:07 AM, Tom Eastep wrote:
> On 7/28/10 7:48 AM, Andrea Perdicchia wrote:
>> The shorewall man page says "The -m option causes the MAC address of
>> each packet source to be displayed *if that information is available*"
>> But in my messages.log and kern.log (I use Ubuntu server) the MAC
>> address information is not available. How can I enable it?
> 
> Switch to ULOG (http://www.shorewall.net/shorewall_logging.html#ULOG).

Of course, the interface through which logged packets arrive must be
Ethernet; otherwise, there is no ethernet header. On my own firewall
(Lenny), both ULOG and LOG create log messages with the ethernet header
intact:

LOG:

[1187508.980495] net-all:DROP:IN=eth1 OUT=
MAC=00:a0:cc:db:31:c4:00:22:2d:76:5a:aa:08:00 SRC=61.168.222.222
DST=70.90.191.123 LEN=438 TOS=0x00 PREC=0x20 TTL=50 ID=33722 DF
PROTO=UDP SPT=5060 DPT=5060 LEN=418 MARK=0x10000

ULOG:

Jul 28 07:58:06 gateway net-all:DROP: IN=eth1 OUT=
MAC=00:a0:cc:db:31:c4:00:22:2d:76:5a:aa:08:00  SRC=82.140.218.30
DST=70.90.191.123 LEN=95 TOS=00 PREC=0x20 TTL=112 ID=24573 PROTO=UDP
SPT=61877 DPT=45947 LEN=75

Also, note that the sending MAC address (00:22:2d:76:5a:aa) is always
that of the next-hop router and is usually not that interesting.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
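
Added example, not part of the original message: a parser that splits the MAC= field of the two log lines quoted above into destination MAC, source MAC and EtherType (the 6 + 6 + 2 byte Ethernet header layout), then groups source IPs by source MAC to show that unrelated remote hosts arrive with the same next-hop MAC. The function names and the third sample line (an empty MAC= field on a non-Ethernet interface) are assumptions made for illustration.

```python
import re

# First two lines are copied from the message above (re-joined onto one line each).
# The third line is constructed: it assumes an empty MAC= field on a non-Ethernet interface.
SAMPLE_LOG = [
    "[1187508.980495] net-all:DROP:IN=eth1 OUT= MAC=00:a0:cc:db:31:c4:00:22:2d:76:5a:aa:08:00 SRC=61.168.222.222 DST=70.90.191.123 LEN=438 TOS=0x00 PREC=0x20 TTL=50 ID=33722 DF PROTO=UDP SPT=5060 DPT=5060 LEN=418 MARK=0x10000",
    "Jul 28 07:58:06 gateway net-all:DROP: IN=eth1 OUT= MAC=00:a0:cc:db:31:c4:00:22:2d:76:5a:aa:08:00  SRC=82.140.218.30 DST=70.90.191.123 LEN=95 TOS=00 PREC=0x20 TTL=112 ID=24573 PROTO=UDP SPT=61877 DPT=45947 LEN=75",
    "Jul 28 08:00:00 gateway net-all:DROP: IN=ppp0 OUT= MAC= SRC=192.0.2.7 DST=70.90.191.123 LEN=60 PROTO=TCP SPT=40000 DPT=22",
]

OCTET = re.compile(r"[0-9a-f]{2}")


def parse_mac_field(line):
    """Return dst/src MAC and EtherType from a LOG/ULOG line, or None.

    The field is the raw 14-byte Ethernet header: destination MAC first,
    then source MAC, then the 2-byte EtherType.
    """
    m = re.search(r"\bMAC=(\S*)", line)
    if not m or not m.group(1):
        return None  # field missing or empty: no Ethernet header was logged
    octets = m.group(1).lower().split(":")
    if len(octets) != 14 or not all(OCTET.fullmatch(o) for o in octets):
        return None  # not a plain 14-byte Ethernet II header
    return {
        "dst_mac": ":".join(octets[:6]),
        "src_mac": ":".join(octets[6:12]),
        "ethertype": int("".join(octets[12:]), 16),
    }


def ips_by_src_mac(lines):
    """Map each source MAC to the set of SRC IPs logged with it."""
    seen = {}
    for line in lines:
        hdr = parse_mac_field(line)
        src = re.search(r"\bSRC=(\S+)", line)
        if hdr and src:
            seen.setdefault(hdr["src_mac"], set()).add(src.group(1))
    return seen


if __name__ == "__main__":
    for mac, ips in ips_by_src_mac(SAMPLE_LOG).items():
        print(mac, sorted(ips))
```
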
