23rd March 2012, 11:19
Ovidiu
need some help configuring fwlogwatch

The project is located here: http://fwlogwatch.inside-security.de/ and I installed the Debian version via apt-get. The firewall logs are written by apf-firewall.

After checking out every option in its config file, this is a sample report I am getting. I really only want a summary, but I can't seem to get it right. I.e., look at the first entries: they look identical. I'd love to get those summarized.

I can post my config file here if needed.

Code:
fwlogwatch summary

Generated Friday March 23 10:13:28 CET 2012 by root. 
1775 (and 137 older than 86400 seconds) of 39649 entries in 2 input files are packet logs, 1775 have unique characteristics. 
First packet log entry: Mar 22 10:18:14, last: Jan 01 01:00:00. 

All entries were logged by the same host: "h1870666". 
All entries have the same target: "-". 
Only the top 50 entries are shown.
#	chain	interface	proto	source	hostname	destination	hostname	port	service	opts
1	[81018.503995] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81021.536094] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81047.626337] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81050.660093] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81134.093213] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81137.124093] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81524.648020] ** IN_TCP DROP **	eth0	tcp	74.118.195.188	tibiaredbot.com.br	85.214.229.212	h1870666.stratoserver.net	8752	-	sa----
1	[81895.986463] ** IDENT **	eth0	tcp	196.41.124.211	cpanel.cybersmart.co.za	85.214.229.212	h1870666.stratoserver.net	113	auth	SYN
1	[82011.656911] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[82014.688094] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[82213.123923] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[82216.156096] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
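
Added example, not part of the original post and not fwlogwatch code: the rows in the report above differ only in the bracketed number at the start of the chain column (it has the form of a kernel printk timestamp), so one way to get a summary is to post-process the report, drop that prefix and add up the counts of rows that are otherwise identical. The function names, and the assumption that the report is tab-separated as shown, belong to this example.

```python
import re
from collections import Counter

# Sample input: five rows taken from the report in the post (tab-separated).
SAMPLE = (
    "#\tchain\tinterface\tproto\tsource\thostname\tdestination\thostname\tport\tservice\topts\n"
    "1\t[81018.503995] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN\n"
    "1\t[81021.536094] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN\n"
    "1\t[81524.648020] ** IN_TCP DROP **\teth0\ttcp\t74.118.195.188\ttibiaredbot.com.br\t85.214.229.212\th1870666.stratoserver.net\t8752\t-\tsa----\n"
    "1\t[81895.986463] ** IDENT **\teth0\ttcp\t196.41.124.211\tcpanel.cybersmart.co.za\t85.214.229.212\th1870666.stratoserver.net\t113\tauth\tSYN\n"
    "1\t[82011.656911] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN\n"
)

# Bracketed stamp such as "[81018.503995] " at the start of the chain column.
KSTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")

# Columns that follow the leading count in each report row.
FIELDS = ("chain", "interface", "proto", "source", "src_host",
          "destination", "dst_host", "port", "service", "opts")


def summarize(report_text):
    """Sum the counts of rows that are identical once the stamp is removed."""
    totals = Counter()
    for line in report_text.splitlines():
        cols = line.split("\t")
        # Skip the header, blank lines and anything that is not a table row.
        if len(cols) != len(FIELDS) + 1 or not cols[0].isdigit():
            continue
        count, rest = int(cols[0]), cols[1:]
        rest[0] = KSTAMP.sub("", rest[0]).strip()
        totals[tuple(rest)] += count
    return totals


def format_summary(totals):
    """Render the totals as report rows, most frequent first."""
    return ["\t".join((str(n),) + key) for key, n in totals.most_common()]


if __name__ == "__main__":
    print("\n".join(format_summary(summarize(SAMPLE))))
```
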