trace log file


njz
09-07-2004, 11:09 AM
Hello. Can anybody help me? I am wondering how I retrieve and read my log file after I have executed a line of command to block ICMP (DoS attack) and forward it to LOG. Thanks for your kind help.

Gertrude
09-07-2004, 11:44 AM
I would first check here.

/var/log/security


If it's not there then check your syslog config file, and look for the location where those alerts would be sent to.

bwkaz
09-07-2004, 06:25 PM
The log messages go wherever you have (or your distro has) configured syslog to send them. :p

They're sent to syslog with a facility code of "kern", so check for references to "kern" in your /etc/syslog.conf file (that assumes that your distro uses sysklogd, and not something like syslog-ng, for logging).

Also, as I asked in your previous thread on this topic (here (http://www.justlinux.com/forum/showthread.php?s=&threadid=132539)), you do know that not all ICMP is evil, right? Blocking the wrong ICMP packets will cause network error messages to never make it back to your machine...
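
The check described in the last reply, as an added example that is not part of any post in this thread: a shell function that reads a sysklogd-style syslog.conf and lists every destination that receives "kern" facility messages. The function name and the sample config are constructed for illustration, and "!" priority negation is not evaluated.

```shell
#!/bin/sh
# kern_destinations FILE
# Print each action (file, @host, |pipe) that receives kern-facility messages.
# Selectors are evaluated left to right, so a later "kern.none" cancels an
# earlier "*.*" on the same line, as sysklogd does.
kern_destinations() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        {
            action = $NF                            # last field is the action
            sel = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", sel)    # keep only the selectors
            gsub(/[ \t]/, "", sel)
            wanted = 0
            n = split(sel, parts, ";")
            for (i = 1; i <= n; i++) {
                if (split(parts[i], fp, /\./) != 2) continue
                hit = 0
                m = split(fp[1], facs, ",")         # e.g. "mail,kern"
                for (j = 1; j <= m; j++)
                    if (facs[j] == "kern" || facs[j] == "*") hit = 1
                if (hit) wanted = (fp[2] != "none")
            }
            if (wanted) {
                sub(/^-/, "", action)               # "-" only means no fsync
                print action
            }
        }
    ' "$1"
}

# Constructed sample config, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sample syslog.conf
kern.*                          -/var/log/kern.log
*.info;mail.none;authpriv.none  /var/log/messages
*.*;kern.none                   /var/log/everything-else
authpriv.*                      /var/log/secure
kern.crit                       @loghost
EOF

kern_destinations "$sample"
rm -f "$sample"
```

On a real machine, pass /etc/syslog.conf to the function and then search the files it lists for the entries written by the LOG rule.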