[ale] Firewall logging
Jonathan Glass
jonathan.glass at ibb.gatech.edu
Fri Jul 4 08:58:20 EDT 2003
Jim Seymour wrote:
>Hi All,
>
> I know this sounds like a really newbie question but here goes. I
>have been looking around (google, redhat, etc.) trying to find out how to
>tell if someone is trying or has tried to get into your system. I know
>there are files/logs that catch this however I cannot locate any that my
>system has. This is a RedHat 7.3 system and it is not running a
>webserver. I've looked at /var/log/messages however surely there is
>another/better option. Netstat will only give me info on current
>connections, right? I think the default firewall for this system is
>ipchains.
>
>TIA,
>
>
>
It is, but you must enable logging in your IPCHAINS rules. Check out
the -l flag. In IPCHAINS you can append -l to whatever rules you want
to monitor, and, IIRC, it will put it in /var/log/messages.
HTH
Jonathan Glass
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list