It would be better to reduce the amount of traffic you are logging. If you are logging everything that gets dropped, your log files are still going to be huge. I usually drop all the Microsoft RPC ports without logging, as well as other scan ports (like skiddies scanning on 8080 for HTTP proxies).

-----Original Message-----

Hi, I am logging what our firewall is dropping (with the -j LOG option), and the log file is enormous (2+ Gb a day). I was wondering if it is possible to define what goes into the log. Currently it gives this:

Oct 24 14:46:52 MEGALOMANIA kernel: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC="" DST=192.38.103.193 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=27977 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=60760

But all I am interested in is the time, src, dst and len variables; everything else is not needed for our logging. Can you adjust this? If so, how?

Thanks,
Thomas Hanson
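The iptables LOG target writes a fixed line format (only a prefix via --log-prefix and the syslog level can be set), so the two practical answers are the reply's (stop logging the noise before it reaches the LOG rule) and post-processing the file. The following Python script is an added example, not part of either message: it reduces lines in the format quoted above to the time, src, dst and len fields asked for, and counts destination ports so the noisiest ones can be given a plain DROP rule ahead of the LOG rule, as the reply suggests. The sample lines are constructed for the example; the 10.0.0.x source addresses are made up.

```python
import re
from collections import Counter

# Constructed sample, modelled on the "kernel: IN=... OUT=..." lines that
# iptables -j LOG writes via syslog (the SRC addresses are made up).
SAMPLE_LOG = """\
Oct 24 14:46:52 MEGALOMANIA kernel: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=10.0.0.5 DST=192.38.103.193 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=27977 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=60760
Oct 24 14:46:53 MEGALOMANIA kernel: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=10.0.0.7 DST=192.38.103.193 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1 DF PROTO=TCP SPT=3456 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 24 14:46:54 MEGALOMANIA kernel: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=10.0.0.9 DST=192.38.103.193 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=2 DF PROTO=TCP SPT=3457 DPT=8080 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 24 14:46:55 MEGALOMANIA kernel: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=10.0.0.7 DST=192.38.103.193 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=3 DF PROTO=TCP SPT=3458 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 24 14:46:56 MEGALOMANIA sshd[123]: Accepted publickey for thomas from 10.0.0.2 port 50000
"""

# syslog timestamp, host, then the kernel message body
LINE_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: (?P<body>.*)$"
)
# KEY=value tokens; bare flags such as DF or SYN have no "=" and are skipped
KV_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<val>\S*)")


def parse_log_line(line):
    """Return the fields of one iptables LOG line, or None for other syslog lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {}
    for kv in KV_RE.finditer(m.group("body")):
        # ID= appears twice on ICMP lines (IP header id, then ICMP id);
        # keep the first occurrence, which is the IP header one
        fields.setdefault(kv.group("key"), kv.group("val"))
    if "SRC" not in fields or "DST" not in fields:
        return None  # a kernel message that is not a packet log
    return {
        "time": m.group("time"),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "len": int(fields.get("LEN", 0)),
        "proto": fields.get("PROTO", ""),
        "dpt": fields.get("DPT", ""),
    }


def condense(text):
    """Reduce a syslog excerpt to 'time src -> dst len' lines, one per logged packet."""
    out = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec:
            out.append(f"{rec['time']} {rec['src']} -> {rec['dst']} {rec['len']}")
    return out


def noisy_ports(text, top=5):
    """Count (proto, destination port) pairs; the busiest are candidates for a
    DROP rule placed before the LOG rule so they are never logged."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec and rec["dpt"]:
            counts[(rec["proto"], rec["dpt"])] += 1
    return counts.most_common(top)


if __name__ == "__main__":
    for row in condense(SAMPLE_LOG):
        print(row)
    print(noisy_ports(SAMPLE_LOG))
```

Run it over the real file instead of SAMPLE_LOG to get the condensed view; the port counts it prints are the input for deciding which ports get a silent DROP ahead of the LOG rule, which shrinks the log at the source rather than after the fact.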