Re: netfilter mailing list abandoned


 



See https://logi.cc/en/2010/07/netfilter-log-format/ (found via Google using "netfilter log entry field names").

On Sun, 2 Sep 2018 13:30:32 -0400
Wayne Sallee <Wayne@xxxxxxxxxxxxxxx> wrote:

> Yes.
> 
> Wayne Sallee
> Wayne@xxxxxxxxxxxxxxx
> http://www.WayneSallee.com
> 
> -------- Original Message --------
> *Subject: *Re: netfilter mailing list abandoned
> *From: *Neal P. Murphy <neal.p.murphy@xxxxxxxxxxxx>
> *To: *Wayne Sallee <Wayne@xxxxxxxxxxxxxxx>
> *Date: *09/02/2018 12:38 PM
> > Are you speaking of log entries like these?
> > ---
> > May  7 00:15:22 lanner kernel: [1331862.087653] Denied-by-mangle:blockSetDrop IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=85.104.239.148 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 TTL=236 ID=28662 DF PROTO=TCP SPT=59418 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
> > May  7 00:17:31 lanner kernel: [1331991.422047] Denied-by-filter:INPUT IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=5.188.11.131 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=17762 PROTO=TCP SPT=48786 DPT=22740 WINDOW=1024 RES=0x00 SYN URGP=0
> > May  6 05:13:39 lanner kernel: [1263359.277850] Denied-by-filter:INPUT IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=198.211.97.48 DST=73.n.n.133 LEN=30 TOS=0x00 PREC=0x20 TTL=53 ID=0 DF PROTO=UDP SPT=49076 DPT=1434 LEN=10
> > ----
> >
> >
> >
> > On Sun, 2 Sep 2018 07:38:19 -0400
> > Wayne Sallee <Wayne@xxxxxxxxxxxxxxx> wrote:
> >  
> >> Thanks, I've been there already, but was not able to find anything that tells how to read the logs.
> >>
> >> Wayne Sallee
> >> Wayne@xxxxxxxxxxxxxxx
> >> http://www.WayneSallee.com
> >>
> >> -------- Original Message --------
> >> *Subject: *SV: SV: netfilter mailing list abandoned
> >> *From: *André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx>
> >> *To: *'Wayne Sallee' <Wayne@xxxxxxxxxxxxxxx>, netfilter@xxxxxxxxxxxxxxx <netfilter@xxxxxxxxxxxxxxx>
> >> *Date: *09/01/2018 05:26 PM  
> >>> I will just assume you mean the syntax for making your own log in either iptables / nftables, I would assume this is a good place to start -> https://netfilter.org/projects/iptables/index.html
> >>>
> >>> However logging typically is "yours to design" and all can be logged, but unless you make specific "rules" for it nothing will be logged.
> >>>
> >>> IF on the other hand you want to understand the syntax in the output, you need to explain or show some examples.
> >>>
> >>>
> >>> Best regards
> >>> André Paulsberg-Csibi
> >>> Senior Network Engineer
> >>> IBM Services AS
> >>>
> >>>
> >>> Sensitivity: Internal
> >>>
> >>> -----Original Message-----
> >>> From: netfilter-owner@xxxxxxxxxxxxxxx <netfilter-owner@xxxxxxxxxxxxxxx> On behalf of Wayne Sallee
> >>> Sent: Saturday, 1 September 2018 17:36
> >>> To: netfilter@xxxxxxxxxxxxxxx
> >>> Subject: Re: SV: netfilter mailing list abandoned
> >>>
> >>> My question on that thread was:
> >>>
> >>> "Where is a good place to learn how to understand firewall logs?"
> >>>
> >>> What is hard to understand about that question?
> >>> Doesn't netfilter contribute to the firewall logs?
> >>>
> >>> Is there a better mailing list for this subject, that has not been abandoned?
> >>>
> >>> Wayne Sallee
> >>> Wayne@xxxxxxxxxxxxxxx
> >>> http://www.WayneSallee.com
> >>>
> >>> -------- Original Message --------
> >>> *Subject: *SV: netfilter mailing list abandoned
> >>> *From: *André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx>
> >>> *To: *'Wayne Sallee' <Wayne@xxxxxxxxxxxxxxx>, netfilter@xxxxxxxxxxxxxxx <netfilter@xxxxxxxxxxxxxxx>
> >>> *Date: *08/29/2018 02:42 PM  
> >>>> Nope, last activity was on Thursday 23. 20:34, except your mail Friday 24.
> >>>>
> >>>> I cannot tell why nobody responded, I did not respond during the weekend as I was away and after I saw it I could not "imagine" what exactly you were asking (which may or may not be the reason no one else answered either)
> >>>>
> >>>>
> >>>>
> >>>> Best regards
> >>>> André Paulsberg-Csibi
> >>>> Senior Network Engineer
> >>>> IBM Services AS
> >>>>
> >>>>
> >>>> Sensitivity: Internal
> >>>>
> >>>> -----Original Message-----
> >>>> From: netfilter-owner@xxxxxxxxxxxxxxx <netfilter-owner@xxxxxxxxxxxxxxx> On behalf of Wayne Sallee
> >>>> Sent: Wednesday, 29 August 2018 16:31
> >>>> To: netfilter@xxxxxxxxxxxxxxx
> >>>> Subject: netfilter mailing list abandoned
> >>>>
> >>>> Has this mailing list been abandoned?
> >>>>
> >>>> Wayne Sallee
> >>>> Wayne@xxxxxxxxxxxxxxx
> >>>> http://www.WayneSallee.com
> 
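
Added example, not part of the thread and not netfilter project code: a small Python parser that splits the three log entries quoted above into named fields, covering the parts that are easy to misread (the rule's log prefix, value-less flags such as DF and SYN, the empty OUT=, the second LEN= on the UDP line, and the 14-byte MAC= field). The function name and the derived keys UDP_LEN, MAC_DST, MAC_SRC and ETHERTYPE are names chosen for this example.

```python
import re

# The three log lines quoted in the thread, copied verbatim as sample input.
SAMPLE = [
    "May  7 00:15:22 lanner kernel: [1331862.087653] Denied-by-mangle:blockSetDrop IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=85.104.239.148 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 TTL=236 ID=28662 DF PROTO=TCP SPT=59418 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0",
    "May  7 00:17:31 lanner kernel: [1331991.422047] Denied-by-filter:INPUT IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=5.188.11.131 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=17762 PROTO=TCP SPT=48786 DPT=22740 WINDOW=1024 RES=0x00 SYN URGP=0",
    "May  6 05:13:39 lanner kernel: [1263359.277850] Denied-by-filter:INPUT IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=198.211.97.48 DST=73.n.n.133 LEN=30 TOS=0x00 PREC=0x20 TTL=53 ID=0 DF PROTO=UDP SPT=49076 DPT=1434 LEN=10",
]

# syslog header, optional "[uptime]", the rule's log prefix, then the packet fields.
_HEAD = re.compile(r"kernel: (?:\[\s*([\d.]+)\]\s*)?(.*?)\s*(IN=.*)$")

def parse_netfilter_log(line):
    """Split one kernel LOG-target line into a dict; return None if it is not one."""
    m = _HEAD.search(line)
    if m is None:
        return None
    uptime, prefix, body = m.groups()
    rec = {"uptime": uptime, "prefix": prefix, "flags": []}
    in_l4 = False                      # becomes True once PROTO= has been seen
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if not sep:                    # bare token with no "=": DF, SYN, ACK, ...
            rec["flags"].append(key)
            continue
        if key == "PROTO":
            in_l4 = True
        elif key == "LEN" and in_l4:   # second LEN= is the UDP length, not the IP length
            key = "UDP_LEN"            # key name chosen for this example
        rec[key] = val                 # "OUT=" yields "", i.e. no outgoing interface
    mac = rec.get("MAC", "").split(":")
    if len(mac) == 14:                 # Ethernet header: dst MAC, src MAC, EtherType
        rec["MAC_DST"] = ":".join(mac[:6])
        rec["MAC_SRC"] = ":".join(mac[6:12])
        rec["ETHERTYPE"] = "".join(mac[12:])   # "0800" is IPv4
    return rec

if __name__ == "__main__":
    for entry in SAMPLE:
        r = parse_netfilter_log(entry)
        print(f'{r["prefix"]}: {r["PROTO"]} {r["SRC"]}:{r["SPT"]} -> '
              f'{r["DST"]}:{r["DPT"]} in={r["IN"]} flags={",".join(r["flags"])}')
```
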




