Koozali.org: home of the SME Server

Firewall logging

Kevin Manderson

Firewall logging
« on: April 07, 2003, 06:46:17 PM »
Hi

I am trying to enable logging of dropped/blocked packets on a 5.1.2 and a 5.6 SME box. Read the FAQ from Mitel and it says:

    /sbin/e-smith/db configuration setprop masq Logging most
    /sbin/e-smith/signal-event remoteaccess-update

where most, all and none are supported.

Done this, restarted, tail -f the messages log file and hit it with an nmap scan. Not a peep. Tried different variations etc including a reboot but nothing.

Any other trick needed for logging??

Assistance appreciated
kevin

brian kirk

Re: Firewall logging
« Reply #1 on: April 08, 2003, 11:31:41 AM »
hi kevin
Works for me. Check (using mc?) that /home/e-smith/configuration actually has logging|most in the masq line. Also the logging turns up in the messages log which I did not expect.
Good luck
Brian

kevin

Re: Firewall logging
« Reply #2 on: April 09, 2003, 04:04:17 AM »
brian kirk wrote:
>
> hi kevin
> Works for me. Check (using mc?) that
> /home/e-smith/configuration actually has logging|most in the
> masq line. Also the logging turns up in the messages log
> which I did not expect.
> Good luck
> Brian

Found it - appears to be case sensitive :-}

Thanks

kevin
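Kevin's fix above came down to letter case. As an added example (not part of the original posts or of SME Server itself), this shell function checks a copy of the configuration file for a `Logging` property on the masq line, spelled exactly as in the FAQ command and set to one of the supported values. The `masq=type|Prop|value` line layout and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the masq Logging property, including letter case.
# Assumed line layout (not confirmed by the thread):
#   masq=<type>|<Prop>|<value>|<Prop>|<value>...

check_masq_logging() {
    # $1 = path to a copy of the configuration file
    # Returns 0 if correct, 1 on a case/value mismatch, 2 if nothing to check.
    awk -F'|' '
        /^masq=/ {
            seen = 1
            # Field 1 is "masq=<type>"; name/value pairs follow.
            for (i = 2; i < NF; i += 2) {
                if (tolower($i) != "logging") continue
                found = 1
                if ($i != "Logging") {
                    print "property name is \"" $i "\", expected \"Logging\""
                    bad = 1
                }
                if ($(i + 1) !~ /^(most|all|none)$/) {
                    print "value is \"" $(i + 1) "\", expected most, all or none"
                    bad = 1
                }
            }
        }
        END {
            if (!seen)  { print "no masq line found"; exit 2 }
            if (!found) { print "masq line has no Logging property"; exit 2 }
            if (bad) exit 1
            print "Logging property looks correct"
        }
    ' "$1"
}

# Constructed sample entries (not taken from a real server).
demo=$(mktemp)
for line in 'masq=service|Logging|most|status|enabled' \
            'masq=service|logging|most|status|enabled' \
            'masq=service|Logging|Most|status|enabled'; do
    printf '%s\n' "$line" > "$demo"
    printf '%s -> ' "$line"
    check_masq_logging "$demo" || true
done
rm -f "$demo"
```

Run it against a copy of /home/e-smith/configuration rather than editing that file by hand; changes still go through the db and signal-event commands quoted in the first post.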

Klaus Eckert

Re: Firewall logging
« Reply #3 on: July 07, 2003, 02:02:18 AM »
And how can I configure that only dropped packets are logged?

It seems that Logging|most logs every packet seen by the firewall...

cheers klaus

Michael P. Soulier

Re: Firewall logging
« Reply #4 on: July 07, 2003, 03:36:38 AM »
Klaus Eckert wrote:
>
> And how can I configure that only dropped packets are logged?
>
> It seems that Logging|most logs every packet seen by the
> firewall...

No, it only logs those which reach a denylog rule, meaning that the traffic was dropped. What makes you think it's logging all traffic?

Mike