Jonas Meurer([EMAIL PROTECTED]) is reported to have said:
> On 29/05/2004 Gian Piero Carrubba wrote:
> > As said, I don't use firehol, so I can't help about how you can do that,
> > nevertheless I'm sure you can.
> > Generally speaking, you need a kernel with support for ulog target and
> > netlink device, a running ulogd daemon and an iptables rule that
> > redirect packages to ULOG target (instead of LOG).
>
> ok, so loaded the ipt_ULOG module, and installed ulogd, but now i don't
> know how to go on.
>
> > With ulogd you can log to a specified file or to a running sql server
> > (mysql and postgres supported, not sure about others). Can't remember if
> > other possibilities allowed (they are enough for my needs).
>
> mh, i think logging all the reject/drop notes like the one at the
> initial thread post to one specified file would be interesting.
>
> Any idea how to simply direct all iptables messages to ulog?

In /etc/filhol

# ----------------------------------------------------------------------------
# CUSTOM SERVICES
# ----------------------------------------------------------------------------
# See the section "Adding Services" in the documentation

# Example service x, listening on port TCP/z
# > server_x_ports="tcp/z"
# > client_x_ports="default"

FIREHOL_LOG_MODE="ULOG"
FIREHOL_LOG_LEVEL="--log-level warning"
FIREHOL_LOG_OPTIONS="--log-tcp-options --log-ip-options"
FIREHOL_LOG_FREQUENCY="1/second"
#FIREHOL_LOG_FREQUENCY="30/minute"
#FIREHOL_LOG_BURST="5"
FIREHOL_LOG_BURST="2"

The log file is /var/log/ulog/syslogemu.log

Using firehol 1.182+cvs+20040325-2

Wayne

-- 
Computer programmers do it byte by byte.
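
Added example, not part of the original thread and not FireHOL or ulogd code: once the reject/drop records land in /var/log/ulog/syslogemu.log, a short script can summarize who is being dropped on which port. The sample lines, host name and log prefix are constructed, and the KEY=value layout is assumed to match the kernel LOG target's format.

```python
import re
from collections import Counter

# Constructed sample in the syslog-style KEY=value layout that ulogd's
# syslogemu output is assumed to share with the kernel LOG target.
SAMPLE = """\
May 29 14:02:11 gw IN-world: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4821 DF PROTO=TCP SPT=40112 DPT=23 SYN URGP=0
May 29 14:02:12 gw IN-world: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4822 DF PROTO=TCP SPT=40113 DPT=23 SYN URGP=0
May 29 14:02:13 gw IN-world: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TTL=110 ID=911 PROTO=UDP SPT=1027 DPT=137 LEN=58
May 29 14:02:14 gw IN-world: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
May 29 14:02:15 gw ulogd: constructed non-packet line
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # values may be empty, e.g. "OUT="

def parse_line(line):
    """Return the KEY=value fields of a packet record, or None for other lines."""
    fields = dict(FIELD.findall(line))
    return fields if "SRC" in fields and "DST" in fields else None

def summarize(text):
    """Count logged packets per (source, protocol, destination port).

    With FIREHOL_LOG_FREQUENCY="1/second" and FIREHOL_LOG_BURST="2" the log is
    rate-limited, so these counts are lower bounds, not totals.
    """
    hits, skipped = Counter(), 0
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            skipped += 1  # daemon messages, truncated lines
            continue
        # ICMP records carry TYPE/CODE instead of ports, hence the default.
        hits[(f["SRC"], f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE)
    for (src, proto, dpt), n in hits.most_common():
        print(f"{n:4d}  {src:<15} {proto}/{dpt}")
    print(f"skipped {skipped} non-packet line(s)")
```

To run it against the real file, pass the contents of /var/log/ulog/syslogemu.log to summarize() instead of SAMPLE.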

