oops...
I've been using ASL for the past year and a half at several sites and so far I absolutely love it. But I seem to have made a 'boo-boo'.
For the past 18 months one of my firewalls has been dutifully logging away while I eternally intended to analyze the quickly piling up logs.
Now I find that I need to go back and run a log analysis on a *special* user's historical traffic and, lo and behold, ASL has only been logging the *dropped* traffic in /var/log/kernel. I don't use the HTTP proxy here for other reasons, but I do still need to see at least a connection log. How do I do this in ASL? Do I have to run "cat /proc/net/ip_conntrack" every 30 seconds to get it? [:O]