> On Fri, 2003-09-19 at 07:10, Tom Eastep wrote:
> > On Fri, 2003-09-19 at 06:59, Tom Eastep wrote:
> > > On Fri, 2003-09-19 at 06:52, Petr Novák wrote:
> > >
> > > > Is there a way for shorewall to be comatible with psad ?
> > >
> > > >From the above messages, it doesn''t seem likely.
> > >
> >
> > Investigate the FW_MSG_SEARCH parameter in psad -- looks like you need
> > to set that to "Shorewall:" or something similar.
> >
>
> Looks like you might also have to set LOGFORMAT="Shorewall:" in
> shorewall.conf. This of course will make Shorewall log messages rather
> useless since you won''t know which chain generated a given
message.
>
> -Tom
It looks like setting FW_MSG_SEARCH to (DROP)|(REJECT) satisfies the
configuration checks and causes psad to monitor both dropped and rejected
messages. No changes to the shorewall configuration file are necessary.
Djun
