Thanks, I will try it.

On 02/02/2008, ken Felix <[EMAIL PROTECTED]> wrote:
> Here's what I did, but I don't know why you want to log everything
> being dropped. Your log could get full in no time, if you have heavy
> traffic or a mis-configured host/server etc.
>
> [edit]
> [EMAIL PROTECTED] show firewall name securityguard rule 1024
> action: "drop"
> log: "enable"
>
> [edit]
> [EMAIL PROTECTED] exit
> [edit]
>
> [EMAIL PROTECTED]> show firewall securityguard rule 1024
>
> State Codes: E - Established, I - Invalid, N - New, R - Related
>
> rule  action  source     destination  proto  state
> ----  ------  ------     -----------  -----  -----
> 1024  DROP    0.0.0.0/0  0.0.0.0/0    all    any
>
> By default the exclusive rule 1025 drops all traffic, so with rule
> #1024 being last, you waste one rule number but get to place the
> "log" statement and on this rule.
>
> and then check the firewall stats;
>
> show firewall securityguard statistics
>
> rule  packets  bytes  action  source            destination
> ----  -------  -----  ------  ------            -----------
> 3     7        588    ACCEPT  192.168.255.0/24  192.168.254.0/24
> 4     931K     132M   ACCEPT  0.0.0.0/0
> 5     0        0      ACCEPT  xxxxxxx           xxxxxxxx
> 6     7591     577K   ACCEPT  xxxxxxx.0/24      0.0.0.0/0
> 7     193      31058  ACCEPT  xxxxxxxx.0/24     0.0.0.0/0
> 8     33160    2166K  ACCEPT  xxxxxxxxxxx.0/20  0.0.0.0/0
> 9     154K     9739K  ACCEPT  xxxxxxxxx         0.0.0.0/0
> 199   766K     730M   ACCEPT  0.0.0.0/0         0.0.0.0/0
> 200   0        0      ACCEPT  0.0.0.0/0         0.0.0.0/0
> 1024  7609     1390K  DROP    0.0.0.0/0         0.0.0.0/0
> 1025  1864K    341M   DROP    0.0.0.0/0         0.0.0.0/0
>
> fwiw, I did add the following in the config for syslog
>
> [EMAIL PROTECTED] show system syslog
> file "/var/log/messages"
>
> Hope this helps.
>
> _______________________________________________
> Vyatta-users mailing list
> [email protected]
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
-- 
Those that make the rule don't play the game!!
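
Added example, not part of the thread and not Vyatta code: a short Python parser for the statistics table quoted above, used to estimate how many log lines per second the logged drop rule 1024 would produce between two snapshots. The function names are hypothetical, the second snapshot is constructed, and the K/M suffixes are assumed to be decimal multiples as in iptables counter output.

```python
import re

# Constructed sample: rows copied from the statistics output quoted in the
# thread (masked rows omitted). Rule 4 has no destination column, as posted.
SAMPLE = """\
rule  packets  bytes  action  source            destination
----  -------  -----  ------  ------            -----------
3     7        588    ACCEPT  192.168.255.0/24  192.168.254.0/24
4     931K     132M   ACCEPT  0.0.0.0/0
199   766K     730M   ACCEPT  0.0.0.0/0         0.0.0.0/0
1024  7609     1390K  DROP    0.0.0.0/0         0.0.0.0/0
1025  1864K    341M   DROP    0.0.0.0/0         0.0.0.0/0
"""
# Constructed later snapshot: rule 1024 has matched 600 more packets.
LATER = SAMPLE.replace("7609", "8209")

# Assumption: suffixes are decimal (K = 1000, M = 1000K), as iptables prints them.
SUFFIX = {"": 1, "K": 1000, "M": 1000**2, "G": 1000**3}
# Only the first four columns are required, so rows with a missing
# source or destination still parse.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)([KMG]?)\s+(\d+)([KMG]?)\s+([A-Z]+)\b")


def parse_stats(text):
    """Return {rule: (packets, bytes, action)}; header and separator lines are skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rule, pkts, psuf, byts, bsuf, action = m.groups()
            rows[int(rule)] = (int(pkts) * SUFFIX[psuf],
                               int(byts) * SUFFIX[bsuf], action)
    return rows


def log_rate(before, after, rule, seconds):
    """Packets per second matched by `rule` between two snapshots.

    With "log enable" on the rule, each matched packet is one syslog line,
    so this is also the expected log line rate. Counters already abbreviated
    with K/M are rounded, so the result is only approximate for them.
    """
    delta = parse_stats(after)[rule][0] - parse_stats(before)[rule][0]
    if delta < 0:  # counters were cleared between the two snapshots
        raise ValueError("counter went backwards; take a fresh baseline")
    return delta / seconds


if __name__ == "__main__":
    print("rule 1024 log lines/sec:", log_rate(SAMPLE, LATER, 1024, 60))
```
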
