Stephen Gran on 8 Mar 2008 16:15:56 -0800
On Sat, Mar 08, 2008 at 05:19:10PM -0500, Brian Vagnoni said:
> Thanks Steven;
>
> I'm testing out Manage Engines Firewall Analyzer. It takes syslog
> input from my Sonicwall firewall. I just want to make sure that it is
> getting all of the correct information.

Ok, that is much clearer, thanks. I am assuming that this means that the
sonicwall either writes a log that this thing reads, or the sonicwall
sends (via rsyslog) to the machine where that thing is? If so, and what
you are interested in capturing is firewall messages, look at how they
are logged and make sure the sonicwall is configured appropriately.

Assuming the sonicwall is linux-a-like, log levels are defined in
/usr/src/linux-headers-2.6.22-3/include/linux/kernel.h, and are:

    #define KERN_EMERG   "<0>" /* system is unusable */
    #define KERN_ALERT   "<1>" /* action must be taken immediately */
    #define KERN_CRIT    "<2>" /* critical conditions */
    #define KERN_ERR     "<3>" /* error conditions */
    #define KERN_WARNING "<4>" /* warning conditions */
    #define KERN_NOTICE  "<5>" /* normal but significant condition */
    #define KERN_INFO    "<6>" /* informational */
    #define KERN_DEBUG   "<7>" /* debug-level messages */

Which unsurprisingly correspond to the syslog priorities. klogd will
read messages from the kernel of the form <n>message and send them to
syslog with facility kernel, priority n.

Given this:

    static struct nf_loginfo default_loginfo = {
        .type = NF_LOG_TYPE_LOG,
        .u = {
            .log = {
                .level    = 0,
                .logflags = NF_LOG_MASK,
            },
        },
    };

it appears that netfilter logs at priority 0 by default, which seems a
bit extreme for my tastes.

So the short answer is: I don't think you can miss firewall logs unless
you try fairly hard.
--
--------------------------------------------------------------------------
|  Stephen Gran                  | Misuse may cause suffocation.           |
|  steve@lobefin.net             |                                         |
|  http://www.lobefin.net/~steve |                                         |
--------------------------------------------------------------------------
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
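Worked example, added here and not part of Stephen's message or of klogd, syslogd or any SonicWall software: a small Python script that does what the message describes klogd doing (read `<n>message` from the kernel ring buffer and hand it to syslog as facility kern, priority n), then decodes the resulting `<PRI>` prefix and evaluates syslog.conf-style selectors against it, so you can see which selector would drop a netfilter line logged at the default level 0. The netfilter sample lines are constructed, and the function names (klogd_forward, parse_pri, selector_matches, deliver) are this example's own. It goes slightly beyond the message in decoding non-kernel facilities too, since any device speaking RFC 3164 syslog over the network uses the same facility*8+severity encoding.

```python
"""Decode syslog priorities the way klogd/syslogd do and check which
syslog.conf selectors would deliver a given kernel (netfilter) message.
Example code, not taken from klogd or syslogd."""
import re

# RFC 3164 severities 0..7; identical to the KERN_* levels in linux/kernel.h.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# RFC 3164 facility codes 0..23 (12-15 carry the names the RFC gives them).
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] \
           + ["local%d" % i for i in range(8)]

KMSG_RE = re.compile(r"^<(\d)>(.*)$", re.S)      # kernel ring buffer: <n>message
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)  # syslog wire format: <PRI>message


def klogd_forward(kmsg, default_level=4):
    """Model of klogd: take '<n>message' from the kernel and emit it as a
    syslog line with facility kern (0) and severity n.  A line without a
    prefix is given level 4 (KERN_WARNING), the kernel's own default
    loglevel for printk calls that omit one; that default is an assumption
    of this example, not something klogd documents."""
    m = KMSG_RE.match(kmsg)
    if m:
        level, msg = int(m.group(1)), m.group(2)
    else:
        level, msg = default_level, kmsg
    pri = 0 * 8 + level  # facility kern is 0, so PRI is just the level
    return "<%d>%s" % (pri, msg)


def parse_pri(line):
    """Split a syslog line into (facility_name, severity_name, message)."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> prefix: %r" % line)
    pri = int(m.group(1))
    if pri > 191:  # 23*8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITY[pri // 8], SEVERITY[pri % 8], m.group(2)


def selector_matches(selector, facility, severity):
    """Evaluate a classic syslog.conf selector such as 'kern.warning',
    'kern.=info', '*.crit' or 'kern.none' against one message.  A plain
    'facility.level' matches that level and everything more urgent."""
    fac_part, lvl_part = selector.split(".", 1)
    if fac_part not in ("*", facility):
        return False
    if lvl_part == "none":
        return False
    if lvl_part == "*":
        return True
    exact = lvl_part.startswith("=")
    want = SEVERITY.index(lvl_part.lstrip("="))
    have = SEVERITY.index(severity)
    return have == want if exact else have <= want


# Constructed sample input: two netfilter LOG lines as the kernel ring buffer
# would carry them (<0> is the nf_loginfo default quoted in the message, <4> is
# what an explicit --log-level warning would give) plus an ordinary notice.
SAMPLE_KMSG = [
    "<0>IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=4444 DPT=22 SYN",
    "<4>IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=UDP SPT=53 DPT=53",
    "<5>eth0: link up",
]


def deliver(selector, kmsgs=SAMPLE_KMSG):
    """Push each kernel line through klogd_forward and return the
    (severity, message) pairs a syslogd rule with this selector would write."""
    out = []
    for k in kmsgs:
        fac, sev, msg = parse_pri(klogd_forward(k))
        if selector_matches(selector, fac, sev):
            out.append((sev, msg))
    return out


if __name__ == "__main__":
    for sel in ("kern.*", "kern.warning", "kern.=info", "kern.none"):
        print("%-14s -> %s" % (sel, [s for s, _ in deliver(sel)]))
```

Running it shows the point of the message: because the default netfilter level is 0 (emerg), every ordinary selector short of `kern.none` or an exact-match `kern.=info` style rule picks those lines up, so a missing firewall log is far more likely to be a selector written with `=` or a `none` entry than a level problem.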