opensuse firewall logs - Suse



Thread: opensuse firewall logs

  1. opensuse firewall logs

    opensuse 10.3

    So is the firewall basically iptables? or something else?

    Anyone know a good log reader application? Something to give more
    friendly meaning to all of the gibberish?

    Can I get the firewall log out of dmesg?

  2. Re: opensuse firewall logs

    The carbonbased lifeform shimp inspired alt.os.linux.suse with:
    > opensuse 10.3
    >
    > So is the firewall basically iptables? or something else?


    The SUSEfirewall script is a frontend for iptables, which in turn is an
    API for the kernel.

    > Anyone know a good log reader application? Something to give more
    > friendly meaning to all of the gibberish?


    Sorry, there's no "dummy guide to the Linux iptables kernel messages".
    But there are logfile parsers that can show you warnings or errors with
    colors etc.

    > Can I get the firewall log out of dmesg?


    Probably not completely, as dmesg has a ring structure.

    For a clearer view of the firewall messages, and a much more transparent
    setup you could try Shorewall, which has its own viewer.
    Compare:
    Feb 25 00:39:53 net2fwROP:IN=eth1 OUT= SRC=98.198.113.97
    DST=10.0.0.150 LEN=103 TOS=0x00 PREC=0x00 TTL=109 ID=4291 PROTO=UDP
    SPT=42703 DPT=42703 LEN=83

    to:
    Feb 25 00:39:53 ferrets4me kernel: Shorewall:net2fwROP:IN=eth1 OUT=
    MAC=00:01:02:05:4e:5f:00:0e:50:bd:b0:26:08:00 SRC=98.198.113.97
    DST=10.0.0.150 LEN=103 TOS=0x00 PREC=0x00 TTL=109 ID=4291 PROTO=UDP
    SPT=42703 DPT=42703 LEN=83

    Theo
    --
    theo at van-werkhoven.nl ICQ:277217131 SuSE Linux
    linuxcounter.org: 99872 Jabber:muadib at jabber.xs4all.nl AMD XP3000+ 1024MB
    "I don't _have_ anything against Microsoft, I have something against
    the excesses *of* Microsoft"

  3. Re: opensuse firewall logs

    shimp wrote:
    > opensuse 10.3
    >
    > So is the firewall basically iptables? or something else?
    >
    > Anyone know a good log reader application? Something to give more
    > friendly meaning to all of the gibberish?


    No offense, but just in case this is interesting, the
    gibberish isn't all that different from the gibberish produced
    by commercial firewalls (e.g. Cisco PiX, etc).

    I'm not sure of a tool that tries to make it more meaningful.

    >
    > Can I get the firewall log out of dmesg?


    Not sure... I wouldn't get your messages out of
    the kernel ring buffer.... I mean... it's not a complete
    list of messages anyhow. Use the destinations setup
    in syslog-ng.

    In /etc/syslog-ng/syslog-ng.conf

    destination firewall { file("/var/log/firewall"); };
    log { source(src); filter(f_iptables); destination(firewall); };

    and just make sure to filter out "not filter(f_iptables)" the
    info from other log destinations where you don't want them.

  4. Re: opensuse firewall logs

    >> Anyone know a good log reader application? Something to give more
    >> friendly meaning to all of the gibberish?

    >
    > No offense, but just in case this is interesting, the
    > gibberish isn't all that different from the gibberish produced
    > by commercial firewalls (e.g. Cisco PiX, etc).
    >
    > I'm not sure of a tool that tries to make it more meaningful.
    >
    >>


    Ok. I can make sense of it, I mean I just wanted it prettier. Long lines
    of stuff wrapped in the console is hard to read. I suppose I could write
    a tool easily to parse it.

    thanks
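    The log format Theo quotes in post 2 and the parser shimp talks about writing here, as an added example that is not part of the thread: a small Python script that splits netfilter LOG lines into their KEY=VALUE fields, keeps the rule's log prefix, and prints one compact line per packet while skipping unrelated syslog entries. The sample lines are constructed from the two formats shown in the thread (note that LEN appears twice, IP total length and then UDP length, so a naive dict would silently keep only the second).

```python
import re
from typing import Dict, List

# Constructed sample lines modelled on the two formats quoted in the thread
# (a SUSEfirewall2-style line and a Shorewall-style line); not real traffic.
SAMPLE_LINES = [
    "Feb 25 00:39:53 net2fwROP:IN=eth1 OUT= SRC=98.198.113.97 DST=10.0.0.150 "
    "LEN=103 TOS=0x00 PREC=0x00 TTL=109 ID=4291 PROTO=UDP SPT=42703 DPT=42703 LEN=83",
    "Feb 25 00:39:53 ferrets4me kernel: Shorewall:net2fwROP:IN=eth1 OUT= "
    "MAC=00:01:02:05:4e:5f:00:0e:50:bd:b0:26:08:00 SRC=98.198.113.97 DST=10.0.0.150 "
    "LEN=103 TOS=0x00 PREC=0x00 TTL=109 ID=4291 PROTO=UDP SPT=42703 DPT=42703 LEN=83",
    "Feb 25 00:40:01 ferrets4me cron[1234]: (root) CMD (run-parts /etc/cron.hourly)",
]

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line: str) -> Dict[str, str]:
    """Split one netfilter LOG line into its KEY=VALUE fields plus the rule's log prefix."""
    head, sep, _ = line.partition("IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line: %r" % line)
    # head is "<month> <day> <time> [host kernel:] <--log-prefix>"; keep only the prefix.
    parts = head.split(None, 3)
    prefix = parts[3] if len(parts) > 3 else ""
    if "kernel:" in prefix:
        prefix = prefix.split("kernel:", 1)[1]
    fields: Dict[str, str] = {"PREFIX": prefix.strip().rstrip(":")}
    for key, value in KV_RE.findall(line[len(head):]):
        # netfilter prints LEN twice: IP total length first, then the UDP/ICMP length.
        fields[key if key not in fields else key + "2"] = value
    return fields

def summarize(fields: Dict[str, str]) -> str:
    """One-line, human-readable rendering of a parsed entry."""
    src, dst = fields.get("SRC", "?"), fields.get("DST", "?")
    if "SPT" in fields:  # TCP/UDP carry ports; ICMP does not
        src, dst = src + ":" + fields["SPT"], dst + ":" + fields.get("DPT", "?")
    direction = "in " + fields["IN"] if fields.get("IN") else "out " + fields.get("OUT", "?")
    return "[%s] %s %s -> %s (%s, ttl %s, len %s)" % (
        fields["PREFIX"], fields.get("PROTO", "?"), src, dst,
        direction, fields.get("TTL", "?"), fields.get("LEN", "?"))

def summarize_log(lines: List[str]) -> List[str]:
    """Render every firewall line; unrelated syslog entries (no IN= field) are skipped."""
    out: List[str] = []
    for line in lines:
        if "IN=" in line:
            out.append(summarize(parse_line(line)))
    return out
```

Pipe /var/log/firewall (or the syslog-ng destination from post 3) into summarize_log to get one unwrapped line per logged packet.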

  5. Re: opensuse firewall logs

    On Tue, 2008-02-26 at 14:24 -0700, shimp wrote:
    > >> Anyone know a good log reader application? Something to give more
    > >> friendly meaning to all of the gibberish?

    > >
    > > No offense, but just in case this is interesting, the
    > > gibberish isn't all that different from the gibberish produced
    > > by commercial firewalls (e.g. Cisco PiX, etc).
    > >
    > > I'm not sure of a tool that tries to make it more meaningful.
    > >
    > >>

    >
    > Ok. I can make sense of it, I mean I just wanted it prettier. Long lines
    > of stuff wrapped in the console is hard to read. I suppose I could write
    > a tool easily to parse it.


    On the $ side... you can look into http://splunk.com

    Actually, up to a certain level of logging, I think their
    product is free. It's an interesting product.

    >
    > thanks



  6. Re: opensuse firewall logs

    shimp wrote:

    > opensuse 10.3
    >
    > So is the firewall basically iptables?


    Yes.

    > Anyone know a good log reader application?


    Logwatch. Make sure that the iptables entries you are interested in have
    the log flag set.

    Günther

