Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 416 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

loging questions

Chip
What exactly is the packetfilter-log and what file is this?

What exactly is the portscan-log and what file is this?

What is the difference between the two? 

Lets say someone (any tcp, udp, icmp, esp, ah, etc..) tries to connect to my webserver sitting in my DMZ on a port that I currently block. The connection attempt is made at 2:00 AM or when I am not actively view either log.  Where in Astaro would I go to find this connection attempt and is there anyway in either of these log files to determine if my chains allowed or disallowed this connection? 

Sorry for the long winded dialog!

chip


This thread was automatically locked due to age.
Parents
  • 0
    The packetfilter log is '/var/log/packetfilter(date).gz' and the portscan log is '/var/log/portscan(date).gz'. You will find the logs from today in '/var/log/kernel'. The next version 3.X will allow you to view this files over the WebAdmin.

    Andy.
Reply
  • 0
    The packetfilter log is '/var/log/packetfilter(date).gz' and the portscan log is '/var/log/portscan(date).gz'. You will find the logs from today in '/var/log/kernel'. The next version 3.X will allow you to view this files over the WebAdmin.

    Andy.
Children
No Data
Unfiltered HTML