[Shorewall-users] Log parsers that work with shorewall ?

Axel Westerhold Axel at congos-tools.com
Thu Dec 18 22:33:04 PST 2003


On Thu, 2003-12-18 at 02:39, Leslie Hazelton wrote:
> I would like to have a good log parser for my shorewall firewall. 
> Specifically, I want detailed reports on iptables blocked packets, 
> including date and time. I saw the list in (FAQ-6a) and got a copy of 
> logwatch because Tom said it was the one he chose.
> 
> I find that the kernel service provides a limited summary of dropped 
> packets, but not in a format I can use.  Being somewhat lazy, I was 
> wondering if anyone else is using logwatch and has made such 
> modifications they would be willing to share.
> 
> I scanned the shorewall documentation and user guides looking for a page 
> like the one where Tom shares his personal shorewall configuration but 
> found nothing relating to logwatch. I also scanned Google and the 
> logwatch mailing list archive with the same results.
> 
> --- 
> Les Hazelton
> --- Registered Linux user # 272996 ---
> 

Hi there,

The last time I had to deal with this for a customer, I decided to use
ulog and MySQL. It is fast, easy enough to install, and there are various
ways to get an idea of where, when and why packets got dropped/rejected. I
think it is a really flexible solution.

Axel Westerhold
DTS Systeme GmbH
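
A small report of the kind the question asks for (blocked packets with date and time), read straight from syslog rather than from the ulog/MySQL setup described in the reply. This is an added example, not code from the thread, Shorewall or logwatch; it assumes Shorewall's default "Shorewall:<chain>:<disposition>:" log prefix, and the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample: kernel LOG-target lines with Shorewall's default
# "Shorewall:<chain>:<disposition>:" prefix, plus one unrelated syslog line.
SAMPLE_LOG = """\
Dec 18 02:31:07 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:a0:cc:db:31:c4:00:60:1d:f0:a6:f9:08:00 SRC=192.0.2.17 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4805 DF PROTO=TCP SPT=3410 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Dec 18 02:31:10 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.17 DST=198.51.100.5 LEN=48 TTL=113 ID=4806 DF PROTO=TCP SPT=3410 DPT=135 WINDOW=8760 SYN URGP=0
Dec 18 02:40:55 gw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.9 LEN=60 TTL=63 ID=0 DF PROTO=UDP SPT=1027 DPT=53 LEN=40
Dec 18 02:41:02 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.80 DST=198.51.100.5 LEN=84 TTL=50 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=2321 SEQ=1
Dec 18 02:41:30 gw sshd[412]: Accepted publickey for root from 10.0.0.2
"""

# Syslog timestamp, host, then the Shorewall prefix; ".*?" skips an optional
# kernel uptime stamp such as "[12345.678]" before the prefix.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\s.*?"
    r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return a dict for one Shorewall log line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"time": m["ts"], "chain": m["chain"], "disposition": m["disp"]}
    for key, value in FIELD_RE.findall(m["fields"]):
        rec.setdefault(key, value)  # keep the IP header's LEN/ID, not the inner one
    return rec

def blocked_packets(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def summarize(records):
    """Map (disposition, source, protocol, dest port) -> (count, first, last seen)."""
    summary = {}
    for r in records:
        key = (r["disposition"], r.get("SRC", "?"), r.get("PROTO", "?"), r.get("DPT", "-"))
        count, first, _ = summary.get(key, (0, r["time"], None))
        summary[key] = (count + 1, first, r["time"])
    return summary

if __name__ == "__main__":
    for (disp, src, proto, dpt), (n, first, last) in summarize(blocked_packets(SAMPLE_LOG)).items():
        print(f"{disp:7} {src:15} {proto:5} dpt={dpt:5} x{n}  {first} .. {last}")
```
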
