This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

logging question

is it possible to set ASL to only log accepted traffic and not log any rejected traffic?

I have the broadcast rules to drop but not log them however broadcasts still show up in both packet filter and kernel logs...I am looking to log only accepted traffic..

This thread was automatically locked due to age.

0 SecApp over 21 years ago

Irritating behavior that needs a fix; Drops don't seem to work unless you specify the To as the interface (broadcasts need special handling too...)
Cancel
Vote Up 0 Vote Down

Cancel
0 Xeno over 21 years ago

By doing this you would have a lot of logging. I do not recommend you to log all allowed traffic.

To not log rejected traffic,make a drop-any rule at the bottom of your ruleset. That drops all forwared traffic. To drop/not_log all the traffic that goes direktly to your firewall, make a drop-any rule and insert the firewall's interface in "TO (Server)".

If you have an ASL that is up2date you can set "Log Allow" rules. This rule will allow traffic and log that traffic.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 21 years ago in reply to Xeno

i know about the disk space..if i can get hte logging to work as i wish then it will be simple for me to make tweaks...however i have the broadcast drop set as from internal broadcast to my wan interface any any dorp and they still show up in the kernel and packetfilter logs.....
Cancel
Vote Up 0 Vote Down

Cancel
0 Xeno over 21 years ago in reply to William Warren

If you use the predefined broadcast-definition, only xxx.xxx.xxx.255 will be droped. For packets to 255.255.255.255 you have to make a userdefined definition and ruleset.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel