On Thu, 3 Feb 2005, Junji Kanemaru wrote:

> Hi,
>
> I have a quick question regarding netfilter logging. I'm working on
> some unified system logging interface and want to get netfilter
> log when some netfilter policy violation occurred.
> How can I get that kind of logs? Maybe I need to write a ULog filter
> for that? I could be showing my ignorance though...

It would be hard for netfilter or any app to self-police itself. This
would be what an IDS would do: sit behind the netfilter firewall and
sound loud alarms and spew e-mails to all staff when something got past
the firewall and into territory it was not meant to hit.

You could log every rule or all drops and rejects, but that tends to
make big logs, consume lots of time, and be of little use unless you are
tracing a problem. Most folks should pay more attention to logging what
has been allowed to pass the firewall than what has been blocked by it.
But a well-tuned IDS can enhance one's warm fuzzies. A poorly tuned IDS
will spew so many falsies that it will be ignored, so YMMV.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

...Love is the ultimate outlaw. It just won't adhere to rules. The most
any of us can do is sign on as its accomplice. Instead of vowing to honor
and obey, maybe we should swear to aid and abet. That would mean that
security is out of the question. The words "make" and "stay" become
inappropriate. My love for you has no strings attached. I love you for
free...
-Tom Robbins <Still Life With Woodpecker>
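As an added illustration of the advice above (not code from either poster), the parser below reads the kernel-log lines that the iptables LOG target produces and tallies them per log prefix and destination port, so that allowed traffic gets the same visibility as drops. It assumes the rules were written with `--log-prefix "FW-ACCEPT: "` and `--log-prefix "FW-DROP: "`; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the format the iptables LOG target writes to
# the kernel log, with the syslog timestamp/host prefix as syslog adds it.
SAMPLE_LOG = """\
Feb  3 10:15:01 gw kernel: FW-ACCEPT: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1234 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb  3 10:15:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=0 PROTO=TCP SPT=6000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Feb  3 10:15:03 gw kernel: FW-ACCEPT: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1235 DF PROTO=UDP SPT=40000 DPT=53 LEN=40
Feb  3 10:15:04 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=0 PROTO=TCP SPT=6000 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Feb  3 10:15:05 gw sshd[123]: Accepted publickey for ops from 203.0.113.5 port 51234
"""

# Hypothetical prefix convention assumed here: "FW-ACCEPT: " / "FW-DROP: ".
LINE_RE = re.compile(r"kernel: (?P<prefix>[A-Z-]+): (?P<fields>.*)$")


def parse_netfilter_line(line):
    """Return a dict of the LOG target's key=value fields, or None if the
    line is not a netfilter entry. Bare flags (DF, SYN) become True."""
    m = LINE_RE.search(line)
    if not m:
        return None
    event = {"prefix": m.group("prefix")}
    for tok in m.group("fields").split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            event[k] = v  # an empty OUT= means the packet was for this host
        else:
            event[tok] = True
    return event


def summarize(text):
    """Count events per prefix and per (prefix, PROTO, DPT), so accepted
    flows are reviewed alongside drops rather than buried under them."""
    per_prefix = Counter()
    per_port = Counter()
    for line in text.splitlines():
        ev = parse_netfilter_line(line)
        if ev is None:
            continue
        per_prefix[ev["prefix"]] += 1
        per_port[(ev["prefix"], ev.get("PROTO"), ev.get("DPT"))] += 1
    return per_prefix, per_port


if __name__ == "__main__":
    prefixes, ports = summarize(SAMPLE_LOG)
    for key, n in sorted(ports.items()):
        print(key, n)
```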