[plug] IPChain Question
Matt Kemner
zombie at wasp.net.au
Wed May 30 15:04:16 WST 2001
On Wed, 30 May 2001, Jon Miller wrote:
> Want to log all DENY response to a file on another server. Does anyone
> know of way to do this.
Hi Jon
use the -l flag on ipchains to have matches of that rule logged to syslog
(klog)
then edit /etc/syslog.conf to something like:
kern.* @<other server>
and then on that other server make sure syslogd is being run with the -r
flag.
You may want to set up a firewall on your border router to make sure no
other machines can send packets to that machine's syslog because it will
be open for DoS attack (in terms of filling up your HDD) otherwise.
If the two machines are on seperate networks linked only by the internet
using -r is a bad idea and you should use something like cron and scp
- Matt
More information about the plug
mailing list