[ previous ] [ next ] [ threads ]
 
 From:  Brett Krueger <sigterm at rootednetworks dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Logging
 Date:  Sat, 15 Jan 2005 11:00:42 -1000
Jason:
	if you have some sort of nix box, you can use the default syslogd 
usually recieve events from m0n0wall.  ie) set your m0n0wall config to 
forward syslogd events,
http://m0n0wall_ip/diag_logs_settings.php

check off the "Enable syslog'ing to remote server"
enter its ip address
check what you would like to be logged.
ie) firewall events... possibly system events.

configure syslogd on your remote syslogd box to recieve m0n0wall 
requests. on linux: syslogd -m 0 -r

restart syslogd. bingo.... your logging to a remote server.

if you want to curve it even more you can always "tail" your logfile 
wiht grep statements i suppose.
ie) tail -F /var/log/m0n0wall |grep ipmon

hope thats what you need.

-brett
Jason wrote:
> Anyone have any suggestions on syslog software to look for firewall hits.  I 
> guess i'm just looking for something that will let me know of anything major 
> attacks the firewall.
> 
>  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

>  Baro: 1035.04 kPa Steady - Vis: 14 km - Sky: Few Clouds - Weather: ---
> 
>  =-=-=-= Website: http://www.WeatherServer.net =-=-=-=-=-=-=-=
>  Southern Ontario Weather Email Alerts, Closed Road Alerts
> 

-- 
<< sigterm >>
Brett Krueger
sigterm at rootednetworks dot com
Administrator
High Speed Unix Hosting/Shell Services and Consulting.
http://www.rootednetworks.com