[Logwatch-Devel] ipchains/iptables reporting

James Wysynski wysynskij@yahoo.com
Fri, 24 Jan 2003 10:40:34 -0800 (PST)


Sounds like a good idea, but perhaps you could leave
the existing output format and add a configuration
item to select a different one?  (i.e.
verbose/traditional vs. brief/tabular style vs. ?)
We don't use the logwatch detail level for the
firewall output now, so this might be something we can
do with it...

As far as service names go, I personally like having
the service name lookup as I can't remember what all
the port numbers are for (especially ones I don't use
like MSSQL), but feel free to add a flag to turn it
on/off.  It should be really easy to do - we already
do this for hostname lookup.

BTW, I've been really busy lately but I'm still
alive... just haven't had much time to work on this
stuff.

-J

--- Neil <logwatch-devel@iamafreeman.com> wrote:
> Hello
> 
> I'd like to rewrite (or add details level to) the
> kernel ipchains /
> iptables so it is broken up by
> 
> destination ip (with interface next to it)
> destination port (for udp and tcp)
> source ip
> 
> and then (optionally) repeated but by
> 
> destination ip (with interface next to it)
> source ip
> destination port (for udp and tcp)
> 
> I would plan to reduce the length of the report
> depending on the number
> of matches there are.
> 
> I have in mind a tabular format (fixed width font
> time...) with
> (optionally) repeated values not repeated
> 
> the packet count in square brackets
> 
> 192.168.0.2 (eth0) [91]   80 tcp (http) [36]     123.123.123.123 [34]
>                                                  123.123.123.127 [2]
>                           8080 tcp [45]          123.123.123.123 [45]
>                           8081 tcp [10]          123.123.123.123 [10]
> .....
> ---
> 
> 192.168.0.2 (eth0) [91]   123.123.123.123 [89]   80 tcp (http) [34]
>                                                  8080 tcp [45]
>                                                  8081 tcp [10]
>                           123.123.123.127 [2]    80 tcp (http) [2]
> .....
> 
> 
> I also think the adding of service name should be
> somehow optional as
> (for me) I don't need it and I use standard ports
> for other things (slap
> wrists)
> 
> 
> Any thoughts?
> 
> Neil


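The grouped report proposed in this thread, as an added example that is not part of either message and is not Logwatch code: it counts dropped-packet lines by destination, then port, then source (or source before port), blanks repeated cells, and makes the service-name lookup an on/off option. It assumes the kernel lines use the iptables LOG target's KEY=value fields (IN, SRC, DST, PROTO, DPT); the function names are hypothetical and the sample lines are constructed to match the counts in the quoted table.

```python
import re
import socket
from collections import Counter

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs as written by the LOG target

def sample_lines():
    """Constructed sample input: counts chosen to match the table in the post."""
    tmpl = "Jan 24 10:40:34 fw kernel: IN=eth0 OUT= SRC=123.123.123.{} DST=192.168.0.2 PROTO=TCP SPT=40000 DPT={}"
    hits = [(123, 80, 34), (127, 80, 2), (123, 8080, 45), (123, 8081, 10)]
    lines = [tmpl.format(octet, dpt) for octet, dpt, n in hits for _ in range(n)]
    return lines + ["kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.0.2 PROTO=ICMP TYPE=8"]

def service_name(port, proto):
    """Optional lookup in the local services database; '' when unknown."""
    try:
        return socket.getservbyport(port, proto)
    except (OSError, OverflowError):
        return ""

def parse(line):
    """Return ((dst, iface), (dport, proto), src) for TCP/UDP packets, else None."""
    f = dict(FIELD.findall(line))
    proto = f.get("PROTO", "").lower()
    if proto not in ("tcp", "udp") or not f.get("DPT", "").isdigit() or not {"SRC", "DST"} <= f.keys():
        return None
    return (f["DST"], f.get("IN", "")), (int(f["DPT"]), proto), f["SRC"]

def report(lines, by_source_first=False, resolve=None):
    """Rows of 'dest [n]  middle [n]  last [n]'; repeated cells are left blank."""
    def show(v):  # ports are (number, proto) tuples, addresses are strings
        if isinstance(v, str):
            return v
        name = resolve(*v) if resolve else ""  # resolve=None turns names off
        return f"{v[0]} {v[1]}" + (f" ({name})" if name else "")
    top, mid, rows = Counter(), Counter(), []
    for (dest, port, src), n in Counter(filter(None, map(parse, lines))).items():
        a, b = (src, port) if by_source_first else (port, src)
        top[dest] += n        # packets per destination
        mid[dest, a] += n     # packets per destination and middle column
        rows.append((dest, a, b, n))
    out, prev = [], (None, None)
    for dest, a, b, n in sorted(rows):  # addresses sort as text, ports numerically
        name = f"{dest[0]} ({dest[1]})" if dest[1] else dest[0]
        c1 = f"{name} [{top[dest]}]" if dest != prev[0] else ""
        c2 = f"{show(a)} [{mid[dest, a]}]" if (dest, a) != prev else ""
        out.append(f"{c1:<26}{c2:<24}{show(b)} [{n}]")
        prev = (dest, a)
    return out
```

Passing resolve=service_name turns the service names on; by_source_first=True produces the second layout from the post.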