[Shorewall-users] psad + shorewall

Djun Kim Djun.Kim at CieloSystems.COM
Sat Dec 13 21:09:32 PST 2003


> On Fri, 2003-09-19 at 07:10, Tom Eastep wrote:
> > On Fri, 2003-09-19 at 06:59, Tom Eastep wrote:
> > > On Fri, 2003-09-19 at 06:52, Petr Novák wrote:
> > > 
> > > > Is there a way for shorewall to be comatible with psad ?
> > > 
> > > >From the above messages, it doesn't seem likely.
> > > 
> > 
> > Investigate the FW_MSG_SEARCH parameter in psad -- looks like you need
> > to set that to "Shorewall:" or something similar.
> > 
> 
> Looks like you might also have to set LOGFORMAT="Shorewall:" in
> shorewall.conf. This of course will make Shorewall log messages rather
> useless since you won't know which chain generated a given message.
> 
> -Tom


It looks like setting FW_MSG_SEARCH to  (DROP)|(REJECT) satisfies the
configuration checks and causes psad to monitor both dropped and rejected
messages.  No changes to the shorewall configuration file are necessary.

    Djun




More information about the Shorewall-users mailing list