Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Peter van den Heuvel (peterbank-connect.com)
Date: Thu Jun 13 2002 - 03:53:21 CDT
> > >>> how can i change the logfile entry's to the old style?
> > >>> since 3 month i have suse8 and susefirewall2 in use.
> > >>> all works fine, but the style of the logfile entry's is
> > >>> not the same like susefirewall"1" !!
> > >>SuSEfirewall1 used ipchains and susefirewall2 uses iptables. I don't think
> > >>that the log format can be changed.
> well, i don't think it's a matter of not using suse-firewall2 or not reading
> the logs but accepting the new iptables log-format :-)
1) Nice about the new format is that is is more formal and thus easier
to process automatically.
2) Less nice (to my strained eye :>) is that the entries tend to align
less than the IPCHAINS log. Thus making it harder to quick scan large
amounts of log. I still did not find any tool I trust to find every
anomaly (be it user inconvenience, attempts at hacking or rule
That said I would combine 1) and 2) to write a small (probably awk, less
than 10% of perl package size) program that parses the log, present it
more humainly in a temp file and let me have a ball at it with vim. Not
less because I tend to make the volume more manageble by deleting stuff
I consider no-problem (like right now port 1433 = M$ SqlServer or port
No, I did not write that script (yet). Am too busy going though those
louzy IPTABLES logs ;^)
-- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to securitysuse.de, not here