> was the packet dropped, accepted or denied? > what rule was violated? > what about the connection cause the rule to be violated? > Perhaps the answer is that I should use a commercial firewall if I want > that kind of information? You are perhaps missing that you can tailor the type of information you want to be logged; from the manpage: LOG Turn on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print some information on all matching packets (like most IP header fields) via printk(). --log-level level Level of logging (numeric or see syslog.conf(5)). --log-prefix prefix Prefix log messages with the specified prefix; up to 14 letters long, and useful for distinguishing messages in the logs. --log-tcp-sequence Log TCP sequence numbers. This is a security risk if the log is readable by users. --log-tcp-options Log options from the TCP packet header. --log-ip-options Log options from the IP packet header. Stefano "Raistlin" Zanero System Administrator Gioco.Net public PGP key block at http://gioco.net/pgpkeys _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Aug 28 2003 - 18:53:53 PDT