On Tue, Apr 15, 2008 at 03:42:54PM +0000, Digby Tarvin wrote: > where the list line was to filter out the most frequent messages, but > I am not really sure what, if any, rejected connections/packets I > should be looking out for, and what should just be ignored... > > Perhaps I should redirect the firewall logs to a separate file? Or > just stick my head in the sand and log nothing - which is presumably > the situation with my dsl router..
I don't have any incoming ports since I don't offer services to the net, not even ssh. Therefore, I drop everything coming in and don't log it. I by default have all ports outgoing closed to and log everything that shorewall stops. Then I open the ports I need with selected ACCEPT macros. Then the only things that end up in syslog are ones I need to see. My logaudit script doesn't filter out shorewall lines so I see them. I do have console logging turned off so I don't get interrupted. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]