From: Peter van den Heuvel (peterbank-connect.com)
Date: Thu Jun 13 2002 - 03:53:21 CDT

    > > >>> How can I change the logfile entries to the old style?
    > > >>> For 3 months I have had suse8 and susefirewall2 in use.
    > > >>> All works fine, but the style of the logfile entries is
    > > >>> not the same as susefirewall"1" !!
    > > >>SuSEfirewall1 used ipchains and susefirewall2 uses iptables. I don't think
    > > >>that the log format can be changed.
    > Well, I don't think it's a matter of not using suse-firewall2 or not reading
    > the logs but accepting the new iptables log-format :-)

    1) Nice about the new format is that it is more formal and thus easier
    to process automatically.
    2) Less nice (to my strained eye :>) is that the entries tend to align
    less than the IPCHAINS log, thus making it harder to quickly scan large
    amounts of log. I still did not find any tool I trust to find every
    anomaly (be it user inconvenience, attempts at hacking or rule
    weaknesses) thinkable.

    That said I would combine 1) and 2) to write a small (probably awk, less
    than 10% of perl package size) program that parses the log, presents it
    more humanely in a temp file and lets me have a ball at it with vim. Not
    least because I tend to make the volume more manageable by deleting stuff
    I consider no-problem (like right now port 1433 = M$ SqlServer or port
    80).

    No, I did not write that script (yet). Am too busy going through those
    lousy IPTABLES logs ;^)

    Peter

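The kind of awk filter described in the message above, as an added example that is not part of the original post or of SuSEfirewall2: it parses the KEY=VALUE fields of iptables LOG lines, prints them in aligned columns, and hides destination ports treated as noise. The function names `fmt_iptables_log` and `sample_log` are hypothetical, the sample lines are constructed, and it assumes syslog-style lines containing `kernel:` with a one-word log prefix.

```shell
#!/bin/sh
# Added example, not from the original post. Turns iptables LOG lines (stdin)
# into aligned columns and drops destination ports considered "no problem".
# $1 (optional): space-separated DPT values to hide; default "80 1433".
fmt_iptables_log() {
    awk -v skip="${1-80 1433}" '
    function val(k) { return (k in f) ? f[k] : "-" }   # "-" for absent fields (e.g. ICMP ports)
    BEGIN {
        n = split(skip, p, " ")
        for (i = 1; i <= n; i++) quiet[p[i]] = 1
        fmt = "%-15s %-22s %-5s %-15s %-15s %-5s %5s %5s\n"
        printf fmt, "TIME", "PREFIX", "IN", "SRC", "DST", "PROTO", "SPT", "DPT"
    }
    / IN=[^ ]* OUT=/ {                  # netfilter LOG lines only
        split("", f); prefix = "-"      # reset per-line state
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1) {               # KEY=VALUE token; first occurrence wins
                key = substr($i, 1, eq - 1)
                if (!(key in f)) f[key] = substr($i, eq + 1)
            } else if ($i == "kernel:" && $(i + 1) !~ /=/)
                prefix = $(i + 1)       # one-word --log-prefix, if any
        }
        if (("DPT" in f) && (f["DPT"] in quiet)) next
        printf fmt, $1 " " $2 " " $3, prefix, val("IN"), val("SRC"),
               val("DST"), val("PROTO"), val("SPT"), val("DPT")
    }'
}

# Constructed sample input (documentation addresses), not real log data.
sample_log() {
    cat <<'EOF'
Jun 13 03:40:01 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TTL=110 ID=4711 DF PROTO=TCP SPT=3345 DPT=1433 WINDOW=16384 SYN URGP=0
Jun 13 03:40:09 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=48 TTL=112 ID=4712 DF PROTO=TCP SPT=4102 DPT=80 WINDOW=8192 SYN URGP=0
Jun 13 03:41:12 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=52 ID=4713 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 SYN URGP=0
Jun 13 03:41:30 fw sshd[812]: Connection closed by 203.0.113.5
Jun 13 03:42:05 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.40 DST=192.0.2.10 LEN=84 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2048 SEQ=1
EOF
}

sample_log | fmt_iptables_log
```

To review a real log the way the message describes, redirect the output of `fmt_iptables_log` to a temporary file and open that file in vim; pass a different port list as the first argument, or `""` to hide nothing.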