opensuse firewall logs - Suse
-
opensuse firewall logs
opensuse 10.3
So is the firewall basically iptables? or something else?
Anyone know a good log reader application? Something to give more
friendly meaning to all of the gibberish?
Can I get the firewall log out of dmesg?
-
Re: opensuse firewall logs
The carbonbased lifeform shimp inspired alt.os.linux.suse with:
> opensuse 10.3
>
> So is the firewall basically iptables? or something else?
The SUSEfirewall script is a frontend for iptables, which in turn is an
API for the kernel.
> Anyone know a good log reader application? Something to give more
> friendly meaning to all of the gibberish?
Sorry, there's no "dummy guide to the Linux iptables kernel messages".
But there are logfile parsers that can show you warnings or errors with
colors etc.
> Can I get the firewall log out of dmesg?
Probably not completely, as dmesg has a ring structure.
For a clearer view of the firewall messages, and a much more transparent
setup you could try Shorewall, which has its own viewer.
Compare:
Feb 25 00:39:53 net2fw
ROP:IN=eth1 OUT= SRC=98.198.113.97
DST=10.0.0.150 LEN=103 TOS=0x00 PREC=0x00 TTL=109 ID=4291 PROTO=UDP
SPT=42703 DPT=42703 LEN=83
to:
Feb 25 00:39:53 ferrets4me kernel: Shorewall:net2fw
ROP:IN=eth1 OUT=
MAC=00:01:02:05:4e:5f:00:0e:50:bd:b0:26:08:00 SRC=98.198.113.97
DST=10.0.0.150 LEN=103 TOS=0x00 PREC=0x00 TTL=109 ID=4291 PROTO=UDP
SPT=42703 DPT=42703 LEN=83
Theo
--
theo at van-werkhoven.nl ICQ:277217131 SuSE Linux
linuxcounter.org: 99872 Jabber:muadib at jabber.xs4all.nl AMD XP3000+ 1024MB
"I _have_ nothing against Microsoft, I have something against
the excesses *of* Microsoft"
-
Re: opensuse firewall logs
shimp wrote:
> opensuse 10.3
>
> So is the firewall basically iptables? or something else?
>
> Anyone know a good log reader application? Something to give more
> friendly meaning to all of the gibberish?
No offense, but just in case this is interesting, the
gibberish isn't all that different from the gibberish produced
by commercial firewalls (e.g. Cisco PiX, etc).
I'm not sure of a tool that tries to make it more meaningful.
>
> Can I get the firewall log out of dmesg?
Not sure... I wouldn't get your messages out of
the kernel ring buffer.... I mean... it's not a complete
list of messages anyhow. Use the destinations setup
in syslog-ng.
In /etc/syslog-ng/syslog-ng.conf
destination firewall { file("/var/log/firewall"); };
log { source(src); filter(f_iptables); destination(firewall); };
and just make sure to filter out "not filter(f_iptables)" the
info from other log destinations where you don't want them.
-
Re: opensuse firewall logs
>> Anyone know a good log reader application? Something to give more
>> friendly meaning to all of the gibberish?
>
>
> No offense, but just in case this is interesting, the
> gibberish isn't all that different from the gibberish produced
> by commercial firewalls (e.g. Cisco PiX, etc).
>
> I'm not sure of a tool that tries to make it more meaningful.
>
>>
Ok. I can make sense of it, I mean I just wanted it prettier. Long lines
of stuff wrapped in the console is hard to read. I suppose I could write
a tool easily to parse it.
thanks
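Since the poster says he could write a parser himself, here is one way to do it, as an added example that is not part of this thread or of any of the tools named in it. It takes syslog lines of the form Theo quoted above (timestamp, host, "kernel:", a firewall prefix, then the netfilter key=value fields), turns each into a dictionary, prints a one-line readable summary, and counts drops per source and destination port. The sample lines are constructed for the example, modelled on the two entries in the thread (the Shorewall-style "net2fw:DROP:" prefix and a cron line that must be skipped are assumptions); duplicate keys such as the IP-header LEN/ID and the UDP/ICMP LEN/ID are kept apart instead of overwriting each other.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the two entries quoted earlier in the
# thread (a Shorewall-style "zone2zone:ACTION:" prefix followed by the
# netfilter key=value fields). Not real traffic from the poster's machine.
SAMPLE_LOG = """\
Feb 25 00:39:53 ferrets4me kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:01:02:05:4e:5f:00:0e:50:bd:b0:26:08:00 SRC=98.198.113.97 DST=10.0.0.150 LEN=103 TOS=0x00 PREC=0x00 TTL=109 ID=4291 PROTO=UDP SPT=42703 DPT=42703 LEN=83
Feb 25 00:40:01 ferrets4me kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:01:02:05:4e:5f:00:0e:50:bd:b0:26:08:00 SRC=98.198.113.97 DST=10.0.0.150 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=4292 PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 25 00:40:07 ferrets4me kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:01:02:05:4e:5f:00:0e:50:bd:b0:26:08:00 SRC=10.0.0.5 DST=10.0.0.150 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Feb 25 00:40:09 ferrets4me cron[1234]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Classic syslog header: "Mon DD HH:MM:SS host kernel: <rest of message>"
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict for a netfilter log line, or None for any other line."""
    m = HEADER_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rest = m.group("rest")
    idx = rest.find("IN=")          # the netfilter fields always start with IN=
    if idx < 0:
        return None                 # a kernel message, but not a firewall one
    entry = {"ts": m.group("ts"), "host": m.group("host"), "prefix": rest[:idx].strip()}
    for token in rest[idx:].split():
        if "=" in token:
            key, value = token.split("=", 1)
            # The IP header and the transport header both log LEN= and ID=;
            # keep the first and number later duplicates (LEN2, ID2).
            n, k = 1, key
            while k in entry:
                n += 1
                k = f"{key}{n}"
            entry[k] = value
        else:
            entry[token] = True     # bare flags such as SYN, ACK, DF
    return entry


def describe(entry):
    """One readable line per packet instead of the wrapped key=value soup."""
    proto = entry.get("PROTO", "?")
    src, dst = entry["SRC"], entry["DST"]
    if proto in ("TCP", "UDP"):
        flow = f"{src}:{entry.get('SPT', '?')} -> {dst}:{entry.get('DPT', '?')}"
    elif proto == "ICMP":
        flow = f"{src} -> {dst} type {entry.get('TYPE', '?')}/{entry.get('CODE', '?')}"
    else:
        flow = f"{src} -> {dst}"
    flags = " ".join(f for f in ("SYN", "ACK", "FIN", "RST") if entry.get(f) is True)
    text = f"{entry['ts']} {entry['prefix']:<24} {proto:<4} {flow}"
    if flags:
        text += f" [{flags}]"
    return text + f" in={entry.get('IN') or '-'} out={entry.get('OUT') or '-'} ttl={entry.get('TTL', '?')}"


def summarize(lines):
    """Parse all firewall lines and count them per (source, proto, dest port)."""
    entries = [e for e in (parse_line(l) for l in lines) if e]
    counts = Counter()
    for e in entries:
        counts[(e["SRC"], e.get("PROTO", "?"), e.get("DPT", "-"))] += 1
    return entries, counts


if __name__ == "__main__":
    # Read from the constructed sample; point this at /var/log/firewall on a real box.
    entries, counts = summarize(SAMPLE_LOG.splitlines())
    for e in entries:
        print(describe(e))
    print("\nDrops per source / proto / destination port:")
    for (src, proto, dport), n in counts.most_common():
        print(f"{n:5d}  {src} {proto} dpt={dport}")
```

Pipe the file through it (or swap SAMPLE_LOG for open("/var/log/firewall")) to get one line per packet plus a count of which sources hit which ports most often; the counter is the part that turns a wall of drops into something worth looking at.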
-
Re: opensuse firewall logs
On Tue, 2008-02-26 at 14:24 -0700, shimp wrote:
> >> Anyone know a good log reader application? Something to give more
> >> friendly meaning to all of the gibberish?
> >
> >
> > No offense, but just in case this is interesting, the
> > gibberish isn't all that different from the gibberish produced
> > by commercial firewalls (e.g. Cisco PiX, etc).
> >
> > I'm not sure of a tool that tries to make it more meaningful.
> >
> >>
>
> Ok. I can make sense of it, I mean I just wanted it prettier. Long lines
> of stuff wrapped in the console is hard to read. I suppose I could write
> a tool easily to parse it.
On the $ side... you can look into http://splunk.com
Actually, up to a certain level of logging, I think their
product is free. It's an interesting product.
>
> thanks
-
Re: opensuse firewall logs
shimp wrote:
> opensuse 10.3
>
> So is the firewall basically iptables?
Yes.
> Anyone know a good log reader application?
Logwatch. Make sure that the iptables entries you are interested in have
the log flag set.
Günther