Mailinglist Archive: opensuse-security (499 mails)

Re: [suse-security] susefirewall2 logfile entry
13.06.2002 10:53:21, Peter van den Heuvel <peter@xxxxxxxxxxxxxxxx> wrote:

>> > >>> how can i change the logfile entries to the old style?
>> > >>> for 3 months i have had suse8 and susefirewall2 in use.
>> > >>> all works fine, but the style of the logfile entries is
>> > >>> not the same as susefirewall"1" !!
>> > >>SuSEfirewall1 used ipchains and susefirewall2 uses iptables. I don't think
>> > >>that the log format can be changed.
>> well, i don't think it's a matter of not using suse-firewall2 or not reading
>> the logs but accepting the new iptables log-format :-)
>
>1) Nice about the new format is that it is more formal and thus easier
>to process automatically.
>2) Less nice (to my strained eye :>) is that the entries tend to align
>less than the IPCHAINS log. Thus making it harder to quickly scan large
>amounts of log. I still did not find any tool I trust to find every
>anomaly (be it user inconvenience, attempts at hacking or rule
>weaknesses) thinkable.
>
>That said I would combine 1) and 2) to write a small (probably awk, less
>than 10% of perl package size) program that parses the log, presents it
>more humanely in a temp file and lets me have a ball at it with vim. Not
>least because I tend to make the volume more manageable by deleting stuff
>I consider no-problem (like right now port 1433 = M$ SqlServer or port
>80).
>
>No, I did not write that script (yet). Am too busy going through those
>lousy IPTABLES logs ;^)
>
>Peter


hi to all I have annoyed,

...now I have found what I am looking for!

http://loggrep.sourceforge.net/
http://hr.uoregon.edu/davidrl/iptables.html

I haven't tested the tools yet, but I will do this tonight!
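
The small awk program described in the quoted message could look like the sketch below. It is an added example, not part of the original mail and not code from either linked tool. The function names `fwcols` and `sample_log`, the column widths and the sample lines (including the `SuSE-FW-DROP-DEFAULT` log prefix) are assumptions made for illustration.

```shell
#!/bin/sh
# fwcols [PORTS]: read syslog on stdin, print one aligned row per iptables
# LOG entry. PORTS is a comma-separated list of destination ports to hide.
fwcols() {
    awk -v hide="${1:-}" '
    BEGIN {
        n = split(hide, p, ",")
        for (i = 1; i <= n; i++) skip[p[i]] = 1
    }
    # Every iptables LOG entry carries "IN=<if> OUT=<if>"; ignore other lines.
    / IN=[^ ]* OUT=/ {
        split("", f)                    # forget fields of the previous line
        prefix = "-"
        for (i = 2; i <= NF; i++) {
            eq = index($i, "=")
            if (eq < 2) continue        # bare flags such as DF or SYN
            key = substr($i, 1, eq - 1)
            if (key in f) continue      # ICMP lines repeat ID=; keep the first
            f[key] = substr($i, eq + 1)
            # The word before IN= is the rule log prefix, unless it is "kernel:".
            if (key == "IN" && $(i - 1) !~ /:$/) prefix = $(i - 1)
        }
        if (f["DPT"] in skip) next      # drop ports considered no-problem
        src = f["SRC"] (f["SPT"] != "" ? ":" f["SPT"] : "")
        dst = f["DST"] (f["DPT"] != "" ? ":" f["DPT"] : "")
        printf "%-3s %2s %s %-20s %-4s %-21s -> %-21s %s\n",
               $1, $2, $3, prefix, f["PROTO"], src, dst, f["IN"]
    }'
}

# Constructed sample input (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Jun 13 10:41:02 fw kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=4321 DF PROTO=TCP SPT=3345 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 13 10:41:09 fw kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=9 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 13 10:42:30 fw kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=198.51.100.23 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=513 SEQ=1
Jun 13 10:43:00 fw sshd[411]: Accepted password for admin from 192.0.2.44 port 1022 ssh2
EOF
}

# Hide the two ports named in the quoted message and show what is left.
sample_log | fwcols 80,1433
```

Redirecting the output to a temp file gives the fixed-width view for scanning in vim; rows without ports (ICMP) keep the same column positions.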






