[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ale] Firewall logging
- To: ale@ale.org
- Subject: Re: [ale] Firewall logging
- From: Jim Seymour <bluejay@speedfactory.net>
- Date: Fri, 4 Jul 2003 09:18:11 -0400 (EDT)
- In-Reply-To: <3F0579EC.10906@ibb.gatech.edu>
- List-Archive: <http://www.ale.org/pipermail/ale/>
- List-Help: <mailto:ale-request@ale.org?subject=help>
- List-Id: Atlanta Linux Enthusiasts <ale.ale.org>
- List-Post: <mailto:ale@ale.org>
- List-Subscribe: <http://www.ale.org/mailman/listinfo/ale>,<mailto:ale-request@ale.org?subject=subscribe>
- List-Unsubscribe: <http://www.ale.org/mailman/listinfo/ale>,<mailto:ale-request@ale.org?subject=unsubscribe>
- Reply-To: ale@ale.org
- Sender: ale-admin@ale.org
On Fri, 4 Jul 2003, Jonathan Glass wrote:
> Jim Seymour wrote:
>
> >Hi All,
> >
> > I know this sounds like a really newbie question but here goes. I
> >have been looking around (google, redhat, etc.) trying to find out how to
> >tell if someone is trying or has tried to get into your system. I know
> >there are files/logs that catch this however I cannot locate any that my
> >system has. This is a RedHat 7.3 system and it is not running a
> >webserver. I've looked at /var/log/messages however surely there is
> >another/better option. Netstat will only give me info on current
> >connections, right? I think the default firewall for this system is
> >ipchains.
> >
> >TIA,
> >
> >
> >
> It is, but you must enable logging in your IPCHAINS rules. Check out
> the -l flag. In IPCHAINS you can append -l to whatever rules you want
> to monitor, and, IIRC, it will put it in /var/log/messages.
>
> HTH
Thanks Jonathan,
I will look into it pronto :-)
--
Jim Seymour
www.wingbarscafe.com
_______________________________________________
Ale mailing list
Ale@ale.org
http://www.ale.org/mailman/listinfo/ale