Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Kevin Manderson on April 07, 2003, 06:46:17 PM

Title: Firewall logging
Post by: Kevin Manderson on April 07, 2003, 06:46:17 PM

Hi

I am trying to enable logging of dropped/blocked packets on a 5.1.2 and a 5.6 SME box. Read the FAQ from Mitel and it says:

    /sbin/e-smith/db configuration setprop masq Logging most
    /sbin/e-smith/signal-event remoteaccess-update

where most, all and none are supported.

Done this, restarted, tail -f the messages log file and hit it with an nmap scan. Not a peep. Tried different variations etc including a reboot but nothing.

Any other trick needed for logging??

Assistance appreciated
kevin

Title: Re: Firewall logging
Post by: brian kirk on April 08, 2003, 11:31:41 AM

hi kevin
Works for me. Check (using mc?) that /home/e-smith/configuration actually has logging|most in the masq line. Also the logging turns up in the messages log which I did not expect.
Good luck
Brian

Title: Re: Firewall logging
Post by: kevin on April 09, 2003, 04:04:17 AM

brian kirk wrote:
>
> hi kevin
> Works for me. Check (using mc?) that
> /home/e-smith/configuration actually has logging|most in the
> masq line. Also the logging turns up in the messages log
> which I did not expect.
> Good luck
> Brian

Found it - appears to be case sensitive :-}

Thanks

kevin

Title: Re: Firewall logging
Post by: Klaus Eckert on July 07, 2003, 02:02:18 AM

and how can i configure that only dropped packets are logged?

it seems that Logging¦most logs every packet seen by the firewall...

cheers klaus

Title: Re: Firewall logging
Post by: Michael P. Soulier on July 07, 2003, 03:36:38 AM

Klaus Eckert wrote:
>
> and how can i configure that only dropped packets are logged?
>
> it seems that Logging¦most logs every packet seen by the
> firewall...

No, it only logs those which reach a denylog rule, meaning that the traffic was dropped. What makes you think it's logging all traffic?

Mike