Re: logging request
Hello! As an answer for Your letter, I would like to write: After setting up the IPChains policies and rules, I want to be able to have a log file of any DENY packets sent to me. We use GroupWise as a email package. I also want those log files to exist on another Debian server that sits behind the firewall. -l for ipchains rules to log (put it everywhere you want it to log something) ane edit /etc/syslog.conf to set where to enable. To send it somewhere else You can use cron, I think. For more information check: IPCHAINS-HOWTO, section 4.1.4.2 Best Regards IronHand -- ,--[ IronHand of CruX ]--- GCS d- s:- a19 C+++ UL P+++ -. |MAIL:[EMAIL PROTECTED] L+++@ E- W+++ N+ o? K w+++ !O M | | WWW: +none yet+ICQ:43598300 V- PS+ PE- Y PGP- t+ 5+ X-- R++ | `- tv- b+ !DI D+ G++ e h!h++ r y? -' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: logging request
To log syslog messages to another server just edit /etc/syslog.conf and direct kern.=info to @hostname_of_logging_machine. You also have to go to the logging machine and setup it up to recieive logs from other computers by using the -r argument on syslogd. (see man page) I would like to make another comment that's not exactly directed to your post but might help in the future. There are hackers that search through mailing list and newsgroup archives looking for posts similar to yours in that you include alot of information about yourself in your sig file. This allows a hacker to know the name of the firewall manager at your company as well as some other important details. I could call your main office number now and perform social engineering. Hi this is Jon Miller from the Systems Department, i have to reset your password, what was your old one again? Of course nobody needs to know a previous password in order to reset one.. but i'm willing to bet there's at least one user i could get on the phone that would tell me. Of course this type of engineering goes on all the time, dropping the name of the director of systems sure makes it sound more legit. Also in the future if you post specific questions about your firewall that include any details about its configuration, a hacker could read that posting and instead of helping you plug the hole... comprimise your system. Hope this helps out in some way. Clint/schwack On Sat, 2 Jun 2001, Jon Miller wrote: After setting up the IPChains policies and rules, I want to be able to have a log file of any DENY packets sent to me. We use GroupWise as a email package. I also want those log files to exist on another Debian server that sits behind the firewall. TIA Jon L. Miller, MCNE Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au PH: +61 8 9242 8600 FX: +61 8 9242 8611 I don't know the key to success, but the key to failure is trying to please everybody. -Bill Cosby -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: logging request
To log syslog messages to another server just edit /etc/syslog.conf and direct kern.=info to @hostname_of_logging_machine. You also have to go to the logging machine and setup it up to recieive logs from other computers by using the -r argument on syslogd. (see man page) I would like to make another comment that's not exactly directed to your post but might help in the future. There are hackers that search through mailing list and newsgroup archives looking for posts similar to yours in that you include alot of information about yourself in your sig file. This allows a hacker to know the name of the firewall manager at your company as well as some other important details. I could call your main office number now and perform social engineering. Hi this is Jon Miller from the Systems Department, i have to reset your password, what was your old one again? Of course nobody needs to know a previous password in order to reset one.. but i'm willing to bet there's at least one user i could get on the phone that would tell me. Of course this type of engineering goes on all the time, dropping the name of the director of systems sure makes it sound more legit. Also in the future if you post specific questions about your firewall that include any details about its configuration, a hacker could read that posting and instead of helping you plug the hole... comprimise your system. Hope this helps out in some way. Clint/schwack On Sat, 2 Jun 2001, Jon Miller wrote: After setting up the IPChains policies and rules, I want to be able to have a log file of any DENY packets sent to me. We use GroupWise as a email package. I also want those log files to exist on another Debian server that sits behind the firewall. TIA Jon L. Miller, MCNE Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au PH: +61 8 9242 8600 FX: +61 8 9242 8611 I don't know the key to success, but the key to failure is trying to please everybody. -Bill Cosby
logging request
After setting up the IPChains policies and rules, I want to be able to have a log file of any DENY packets sent to me. We use GroupWise as a email package. I also want those log files to exist on another Debian server that sits behind the firewall. TIA Jon L. Miller, MCNE Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au PH: +61 8 9242 8600 FX: +61 8 9242 8611 I don't know the key to success, but the key to failure is trying to please everybody. -Bill Cosby !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=Content-Type content=text/html; charset=iso-8859-1 META content=MSHTML 5.50.4611.1300 name=GENERATOR/HEAD BODY style=MARGIN-TOP: 2px; FONT: 10pt Arial; MARGIN-LEFT: 2px DIVAfter setting up the IPChains policies and rules, I want to be able to have a log file of any DENY packets sent to me.nbsp; We use GroupWise as anbsp; email package.nbsp; I also want those log files to exist on another Debian server that sits behind the firewall./DIV DIVnbsp;/DIV DIVTIA/DIV DIVnbsp;/DIV DIVJon L. Miller, MCNEBRDirector/Sr Systems ConsultantBRMMT Networks Pty LtdBRA href=http://www.mmtnetworks.com.au;http://www.mmtnetworks.com.au/ABRPH: +61 8 9242 8600BRFX: +61 8 9242 8611BRI don't know the key to success, but the key to failureBRnbsp;is trying to please everybody. -Bill Cosby/DIV DIVnbsp;/DIV DIVnbsp;/DIV/BODY/HTML
