[ale] Firewall logging
Jim Seymour
bluejay at speedfactory.net
Fri Jul 4 09:18:11 EDT 2003
On Fri, 4 Jul 2003, Jonathan Glass wrote:
> Jim Seymour wrote:
>
> >Hi All,
> >
> > I know this sounds like a really newbie question but here goes. I
> >have been looking around (google, redhat, etc.) trying to find out how to
> >tell if someone is trying or has tried to get into your system. I know
> >there are files/logs that catch this however I cannot locate any that my
> >system has. This is a RedHat 7.3 system and it is not running a
> >webserver. I've looked at /var/log/messages however surely there is
> >another/better option. Netstat will only give me info on current
> >connections, right? I think the default firewall for this system is
> >ipchains.
> >
> >TIA,
> >
> >
> >
> It is, but you must enable logging in your IPCHAINS rules. Check out
> the -l flag. In IPCHAINS you can append -l to whatever rules you want
> to monitor, and, IIRC, it will put it in /var/log/messages.
>
> HTH
Thanks Jonathan,
I will look into it pronto :-)
--
Jim Seymour
www.wingbarscafe.com
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list