On Tuesday 27 August 2019 14:29:53 CEST, Darin Perusich wrote:
> That option only logs denied packets, and not allowed packets, which is arguably the more important information from an auditing perspective.
> --
> Later, Darin
Carlos mentioned it already, you can use a rich rule, but not how. Suppose you have just:

    firewall-cmd --permanent --zone=external --add-service=apache2-ssl

to enable https access to your webserver. To log all start connections to this port you need to replace it with:

    firewall-cmd --permanent --zone=external --add-rich-rule='rule service name="apache2-ssl" log prefix="SOME_TEXT " level="info" limit value="1/m"'

You may leave out level and limit. Note the space at the end of the prefix text. Also read the bug report on bugzilla #1147153 with a temporary patch for firewall-cmd to have this prefix text proper in the firewall log. Otherwise parsing the firewall log is more complicated. Similar for other services or ports.

--
fr.gr.
member openSUSE
Freek de Kruijf
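A small parser for the log lines such a rich rule produces, added here as an example and not part of the original message. It assumes the kernel's standard netfilter LOG key=value layout (IN=, SRC=, DPT=, ...); the sample lines are constructed, and the second one shows a prefix logged without its trailing space so that it runs straight into IN=.

```python
import re
from collections import Counter

# Constructed sample syslog lines (assumption: standard netfilter LOG layout).
# 1: prefix followed by a space; 2: prefix glued to "IN="; 3: unrelated line.
SAMPLE_LOG = """\
Aug 27 14:31:02 gw kernel: SOME_TEXT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51514 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 27 14:32:10 gw kernel: SOME_TEXTIN=eth0 OUT= MAC= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=49 ID=12 DF PROTO=TCP SPT=40022 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 27 14:32:11 gw kernel: usb 1-1: new high-speed USB device number 3
"""

# KEY=value pairs; the value may be empty (e.g. "OUT=").
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line, prefix="SOME_TEXT"):
    """Return the netfilter fields of a line tagged with `prefix`, else None."""
    pos = line.find(prefix)
    if pos < 0:
        return None
    rest = line[pos + len(prefix):]
    # Anchor on the first LOG field instead of on whitespace: this accepts
    # "SOME_TEXT IN=" and "SOME_TEXTIN=" but rejects a longer, different
    # prefix such as "SOME_TEXT2 IN=".
    if not rest.lstrip(" ").startswith("IN="):
        return None
    return dict(FIELD.findall(rest))


def connections_by_source(log_text, prefix="SOME_TEXT", port=443):
    """Count logged connection starts per source address for one port."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line, prefix)
        if rec and rec.get("PROTO") == "TCP" and rec.get("DPT") == str(port):
            counts[rec["SRC"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for src, n in connections_by_source(SAMPLE_LOG).items():
        print(f"{src}\t{n}")
```
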