fwanalog for Debian
===================

GENERAL
-------

This package requires (in order to generate something) that you log all
packets that you reject or drop. This can be accomplished by inserting a
-j LOG rule before your normal -j DROP or -j REJECT rules.

As always, exercise caution when tampering with your firewall setup, and
check it for any holes with nmap et al. afterwards.

If you need a firewall script for iptables with logging support, I suggest
you try MonMotha's IPTables Firewall at
http://monmotha.mplug.org/firewall/index.php

CONFIG OPTIONS
--------------

There are some important options in /etc/fwanalog/fwanalog.opts that you
may need to check.

logformat:
  The log format, which is set to "iptables" by default. Other valid
  values are: ipchains, ipf, openbsd, freebsd, solarisipf, pf_30, zynos,
  pix, watchguard, fw1. For an explanation of these values, see the
  comments in /etc/fwanalog/fwanalog.opts.

outdir:
  The output directory, which is set by default to /var/log/fwanalog.
  Change this value to a subdirectory of /var/www (e.g. /var/www/fwanalog)
  if you want to be able to access fwanalog results from your webserver.

  WARNING: fwanalog output may be analysed by a potential attacker to
  guess your firewall ruleset. It may be a good idea to restrict world
  access to this information.

inputfiles_dir, inputfiles_mask:
  The directory where the logfiles are is called "inputfiles_dir" and is
  set to /var/log. fwanalog will process the logfiles in this directory
  whose names match "inputfiles_mask". This variable is set to "messages*"
  by default.

See /usr/share/doc/fwanalog/examples/fwanalog.opts.* for some examples of
common configuration scenarios.

PERMISSIONS
-----------

fwanalog runs as an unprivileged user by default in Debian; remember to
allow the fwanalog user to write in the directory you choose as the
fwanalog output directory.

Also ensure that the fwanalog user is able to read the logfiles located
under "$inputfiles_dir/$inputfiles_mask" (/var/log/messages* by default).

CRON
----

To modify the cronjob behaviour and the output language, run the
following command:

  dpkg-reconfigure fwanalog
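The GENERAL section asks that every rejected or dropped packet be logged, because fwanalog can only report what reaches syslog. The following shell script is an added example, not part of the fwanalog package: it reads an iptables-save dump and lists the DROP or REJECT rules that are not preceded by a matching -j LOG rule. The sample dump is constructed, and the pairing heuristic (a LOG rule immediately before, with an identical match expression) is an assumption of this example, not an iptables or fwanalog rule.

```shell
#!/bin/sh
# Check an iptables-save dump for DROP/REJECT rules that are not logged.
# Heuristic (assumption of this example): a DROP/REJECT rule counts as
# logged when the rule immediately before it in the dump has the same
# chain and match expression and the LOG target.

# Constructed sample dump for demonstration; not taken from a real host.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 23 -j LOG --log-prefix "fw-drop: "
-A INPUT -p tcp --dport 23 -j DROP
-A INPUT -p udp --dport 137 -j REJECT
-A INPUT -j LOG --log-prefix "fw-drop: "
-A INPUT -j DROP
COMMIT'

# unlogged_drops: read an iptables-save dump on stdin and print every
# DROP/REJECT rule whose packets would never reach syslog (and so fwanalog).
unlogged_drops() {
    awk '
    /^-A / {
        n = index($0, " -j ")
        if (n == 0) next               # rule without a target: ignore
        rule = substr($0, 1, n - 1)    # chain plus match expression
        target = substr($0, n + 4)
        sub(/ .*/, "", target)         # strip target options (--log-prefix ...)
        if (target == "DROP" || target == "REJECT") {
            if (!(prev_target == "LOG" && prev_rule == rule)) print $0
        }
        prev_target = target
        prev_rule = rule
    }'
}

# unlogged_count: number of DROP/REJECT rules in the dump that lack a LOG.
unlogged_count() {
    unlogged_drops | awk 'END { print NR }'
}

# Stand-alone run on the constructed sample. On a real host, feed the live
# ruleset instead:  iptables-save | unlogged_drops
printf '%s\n' "$SAMPLE_RULES" | unlogged_drops
```

The sample reports only the REJECT rule for UDP port 137; the port 23 rule and the catch-all DROP are each paired with a LOG rule and pass the check.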