[Firehol-support] Redirecting Logging

Carlos Rodrigues carlos.efr at mail.telepac.pt
Wed Jan 23 17:57:01 GMT 2008


If your distribution ships with ulogd, you can install it and then set
FIREHOL_LOG_MODE="ulog".

On Jan 23, 2008 4:34 PM, John Sullivan <lists at benzo8.org> wrote:
> Hi,
>
> I'm wondering if there's a way to stop logging all IN-Internet matches
> to syslog, and instead send them to another log. My server sits in a
> farm full of kiddies constantly looking for open 137-139s (it appears!)
> and it gets very difficult looking through the syslog for important
> stuff with constant:
>
> Jan 23 07:09:28 space kernel: ''IN-internet':'IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:0b:6a:f6:b3:40:08:00 SRC=83.170.75.139
> DST=83.170.75.191 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=32214 PROTO=UDP
> SPT=137 DPT=137 LEN=58
> Jan 23 08:56:57 space kernel: ''IN-internet':'IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:0b:6a:f6:b3:40:08:00 SRC=83.170.75.139
> DST=83.170.75.191 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=58737 PROTO=UDP
> SPT=137 DPT=137 LEN=58
> Jan 23 09:55:29 space kernel: ''IN-internet':'IN=eth0 OUT=
> MAC=00:0b:6a:f6:b2:d1:00:d0:02:95:74:00:08:00 SRC=62.152.115.217
> DST=83.170.75.135 LEN=78 TOS=0x00 PREC=0x00 TTL=116 ID=58548 PROTO=UDP
> SPT=137 DPT=137 LEN=58
> Jan 23 12:25:08 space kernel: ''IN-internet':'IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:0b:6a:b3:f5:91:08:00 SRC=83.170.75.136
> DST=83.170.75.191 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=923 PROTO=UDP
> SPT=137 DPT=137 LEN=58
> Jan 23 12:42:11 space kernel: ''IN-internet':'IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:0b:6a:f6:b3:40:08:00 SRC=83.170.75.139
> DST=83.170.75.191 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=60475 PROTO=UDP
> SPT=137 DPT=137 LEN=58
> Jan 23 14:54:22 space kernel: ''IN-internet':'IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:0b:6a:f6:b3:40:08:00 SRC=83.170.75.139
> DST=83.170.75.191 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=34281 PROTO=UDP
> SPT=137 DPT=137 LEN=58
>
> I've tried changing the FIREHOL_LOG_LEVEL variable to something higher
> than warning, but that doesn't seem to have any effect. Any other ideas?
>
> Thanks in advance...
>
> Me...



-- 
Carlos Rodrigues
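
Added example, not part of either message: a small triage script for a syslog that already contains these entries, separate from the ulogd redirection suggested in the reply. It parses the kernel netfilter lines in the format quoted above, tallies hits on the ports 137-139 mentioned in the question, and returns every other line untouched. The names `parse_line` and `split_noise` are hypothetical, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format quoted above (documentation addresses only).
SAMPLE = """\
Jan 23 07:09:28 space kernel: ''IN-internet':'IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 SRC=192.0.2.139 DST=192.0.2.191 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=32214 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 23 07:30:02 space sshd[2211]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Jan 23 08:56:57 space kernel: ''IN-internet':'IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 SRC=192.0.2.139 DST=192.0.2.191 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=58737 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 23 09:55:29 space kernel: ''IN-internet':'IN=eth0 OUT= MAC=00:00:5e:00:53:02:00:00:5e:00:53:03:08:00 SRC=198.51.100.217 DST=192.0.2.135 LEN=78 TOS=0x00 PREC=0x00 TTL=116 ID=58548 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 23 10:12:40 space kernel: ''IN-internet':'IN=eth0 OUT= MAC=00:00:5e:00:53:02:00:00:5e:00:53:03:08:00 SRC=203.0.113.5 DST=192.0.2.135 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Everything between "kernel: " and the first "IN=" is the log prefix set by the firewall.
LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)IN=(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags such as DF/SYN are skipped


def parse_line(line):
    """Return the fields of one netfilter LOG line as a dict, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # LEN occurs twice (IP length, then UDP length); the dict keeps the last one.
    fields = dict(FIELD_RE.findall("IN=" + m.group("rest")))
    fields["LABEL"] = m.group("prefix").strip(" ':")
    return fields


def split_noise(lines, noisy_ports=frozenset({"137", "138", "139"})):
    """Tally firewall hits on noisy_ports; return (Counter, lines that were not noise)."""
    noise, keep = Counter(), []
    for line in lines:
        f = parse_line(line)
        if f and f.get("DPT") in noisy_ports:
            noise[(f["LABEL"], f.get("SRC"), f.get("PROTO"), f["DPT"])] += 1
        else:
            keep.append(line)  # non-firewall lines and other firewall hits stay visible
    return noise, keep


if __name__ == "__main__":
    noise, keep = split_noise(SAMPLE.splitlines())
    for (label, src, proto, dpt), n in noise.most_common():
        print(f"{n:5d}  {label}  {src}  {proto}/{dpt}")
    print("\n".join(keep))
```
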



