There are massive attacks on specific port, I want to trap and log just the ip source to this port. Is there anyway to do so with shorewall? Thanks. Willy Mularto sangprabv@gmail.com ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
You can get a summary of hits using: sudo shorewall hits -t -t list current day. I''m sure you can run the command through grep on the port number to get what you want. Wayne S At 6/20/2013 02:09 AM, you wrote:>There are massive attacks on specific port, I want to trap and log just the ip source to this port. Is there anyway to do so with shorewall? Thanks. > > > >Willy Mularto >sangprabv@gmail.com > > >------------------------------------------------------------------------------ >This SF.net email is sponsored by Windows: > >Build for Windows Store. > >http://p.sf.net/sfu/windows-dev2dev >_______________________________________________ >Shorewall-users mailing list >Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
On 06/19/2013 11:09 PM, Willy Mularto wrote:> There are massive attacks on specific port, I want to trap and log just the ip source to this port. Is there anyway to do so with shorewall? Thanks.No -- but you can rate-limit your logging; for example: /etc/shorewall/shoreawll.conf: LOGLIMIT="s:5/min" This cuts down considerably on the log volume while still identifying each source IP address. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev