Re: [fw1-gurus] log traffic from/to a machine
On Tue, Jan 27, 2009 at 5:49 AM, Andreas Moroder
<andreas.moroder@xxxxxxxxxxxx> wrote:
> Hello,
>
> Is it possible to create such a rule that does nothing but
> logging and does not allow or disallow this traffic or is tcpdump the only
> option?
In iptables on Linux, the "log" action and the "drop" action are
actually separate rules, so you could do something like this there. In
VPN-1, the action and the log are integrated, which means whatever
rule decides what to do with the packet (accept, drop) is the one that
logs it. Your choices end up being:
1. Creating a bunch of rules specific to this IP before other rules to
ensure all activity by this IP is logged.
2. Use something like fw monitor, tcpdump or an external IDS/IPS to
track what that IP does.
-- PhoneBoy
_______________________________________________
fw1-gurus mailing list
fw1-gurus@xxxxxxxxxxxxxxxxxx
http://lists.phoneboy.com/listinfo.cgi/fw1-gurus-phoneboy.com
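
The iptables behaviour mentioned in the reply above, as an added example that is not part of the original thread: a script that prints log-only rules for one host, relying on LOG being a non-terminating target. The function name `log_only_rules`, the default prefix and the sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print iptables commands that log all traffic from/to one host
# without deciding its fate. LOG is a non-terminating target, so each packet
# continues on to the accept/drop rules that follow.

# log_only_rules HOST [PREFIX]  (function name and defaults are hypothetical)
log_only_rules() {
    host=$1
    prefix=${2:-"WATCH "}

    # The kernel LOG target limits the prefix to 29 characters; also keep it
    # to characters that are safe inside the double quotes printed below.
    case $prefix in
        *[!A-Za-z0-9_:\ -]*) echo "invalid prefix" >&2; return 1 ;;
    esac
    [ "${#prefix}" -le 29 ] || { echo "prefix too long" >&2; return 1; }

    # Accept only a plain dotted-quad IPv4 address.
    case $host in
        ''|*[!0-9.]*|.*|*.|*..*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $host
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "invalid host: $host" >&2; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || { echo "invalid host: $host" >&2; return 1; }
    done

    # Insert at position 1 so the LOG rules are evaluated before any rule
    # that could accept or drop the packet. -s matches the host as source,
    # -d as destination.
    for chain in INPUT OUTPUT FORWARD; do
        for dir in -s -d; do
            printf 'iptables -I %s 1 %s %s -j LOG --log-prefix "%s" --log-level info\n' \
                "$chain" "$dir" "$host" "$prefix"
        done
    done
}

# 192.0.2.10 is a constructed documentation address.
log_only_rules 192.0.2.10 "WATCH "
```

Piping the output to `sh` as root applies the rules; matching packets then appear in the kernel log with the chosen prefix and are still handled by the existing ruleset.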