Hi everyone,

I have been trying to find some decent reporting / logging methods so as a) not to fill up my machine with multiple amounts of logging and b) to save me time when reading them.

I decided in the end to use fwlogwatch for producing the report. This was OK, except I was still having difficult-to-read logs due to having other things in there. To stop this I decided to use metalog and stop using syslog; this enabled me to use a regex on the logging so that iptables messages went only to the iptables directory.

Once I had done this, fwlogwatch decided the source file was unreadable, hence the need for the firerep file, which I have made into a nightly cron job. This script regex's the output log into a format that fwlogwatch can read without increasing the file space used, then runs fwlogwatch on the file and mails the HTML output to a designated person as an attachment, as well as storing a copy locally. (Beware: the local copy will be overwritten daily unless you change it.)

I hope people think this explanation of my small bit of testing is helpful, and I have attached a copy of the configuration scripts for people to see.

Also, what do people think about logging all action with iptables, not just deny/dropped ones? Does anyone do it? Should we do it?

Thanks
Mark
http://www.carsplus.co.uk/e-Card/mpo.shtml

Attachments: firerep, fwlogwatch.config, metalog.conf
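
The conversion step described in the message, sketched as an added example (it is not the attached firerep script). It assumes metalog writes lines as `Mon DD HH:MM:SS [program] message` and that the report tool expects the syslog layout `Mon DD HH:MM:SS host program: message`; the function names, the host name `fw01` and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not the firerep script attached to the message.
# Assumptions: metalog lines look like  "Mon DD HH:MM:SS [program] message"
# and the report tool expects syslog's "Mon DD HH:MM:SS host program: message".

# Filter: metalog lines on stdin -> syslog-style lines on stdout.
# Works as a pipe stage, so no second full-size copy of the log is needed.
# Lines that do not match the metalog layout are dropped.
metalog_to_syslog() {
    host=$1
    # Refuse host names that could break the sed replacement text.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host name" >&2; return 2 ;;
    esac
    sed -n -E 's/^([A-Z][a-z]{2} [ 0-9][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2}) \[([^]]+)\] (.*)$/\1 '"$host"' \2: \3/p'
}

# Constructed sample input (documentation addresses, hypothetical host fw01).
sample_log() {
    cat <<'EOF'
Jan 12 03:14:07 [kernel] DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=22
-- not a metalog line --
Jan 12 03:14:09 [kernel] DROP IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=UDP SPT=5353 DPT=137
EOF
}

sample_log | metalog_to_syslog fw01
```

In a nightly job the filter would sit between the metalog file and the report tool, so the converted text only exists in the pipe.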
