Topic: Where does ipchains log to?

[Chris Bragg]

I know this is likely a lame question, but I don't see the answer. In looking at all the logs available on the server, I cannot find anywhere where ipchains is logging to. Even after running a portscan from outside my LAN, the logs available show nothing at all.

Could it be that I've simply missed something here? Or perhaps logging is not turned on by default? If the latter, perhaps someone could let me know which file to edit to turn logging for ipchains on?

TIA,

Chris

[Uwe Schreiber]

In many Linux distributions the logging of ipchains (also snort, prelude or something else) is disabled by default, because it will result in huge logfiles.

But don't ask me where you have to enable it...

[Charlie Brady]

Uwe Schreiber wrote:

> In many Linux distributions the logging of ipchains (also
> snort, prelude or something else) is disabled by default,
> because it will result in huge logfiles.
>
> But don't ask me where you have to enable it...

/sbin/e-smith/db configuration setprop masq Logging xxx

# Valid values of xxx are "all", "none" and "most".
# "most" means all denied packets except SMB and RIP

/sbin/e-smith/signal-event remoteaccess-update

Regards

Charlie

[Chris Bragg]

Thanks Charlie, this is exactly what I was looking for. It worked great! Tell me though, is this change going to be permanent? Meaning, will I have to enter this again should the system be rebooted? I never reboot this router by choice, but I've suffered 8 blackouts in the past 5 months, so I wanted to be sure.

Thanks again!

Chris