root/psad/tags/psad-2.0.2-pre5/fw_search.conf

Revision 1061, 1.5 kB (checked in by mbr, 5 years ago)

added FW_SEARCH_ALL var to control how psad parses iptables messages

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
### The FW_SEARCH_ALL variable controls how psad will parse iptables
### messages.  If it is set to "Y" then psad will parse all iptables
### messages for evidence of scan activity.  If it is set to "N" then
### psad will only parse those iptables messages that contain logging
### prefixes specified by the FW_MSG_SEARCH variable below.  Logging
### prefixes are set with the --log-prefix command line option to iptables.
### Setting FW_SEARCH_ALL to "N" is useful for having psad only analyze
### iptables messages that are logged out of a specific iptables chain
### (multiple strings can be searched for, see the comment above the
### FW_MSG_SEARCH variable below) or a specific logging rule for example.
### FW_SEARCH_ALL is set to "Y" by default since usually people want psad
### to parse all iptables messages.
FW_SEARCH_ALL               Y;

### The FW_MSG_SEARCH variable can be modified to look for logging messages
### that are specific to your firewall configuration (specified by the
### "--log-prefix" option).  For example, if your firewall uses the
### string "Audit" for packets that have been blocked, then you could
### set FW_MSG_SEARCH to "Audit";  The default string to search for is
### "DROP".  Both psad and kmsgsd reference this file.  NOTE: You can
### specify this variable multiple times to have psad search for multiple
### strings.  For example to have psad search for the strings "Audit" and
### "REJECT", you would use the following two lines:
#FW_MSG_SEARCH               Audit;
#FW_MSG_SEARCH               REJECT;

FW_MSG_SEARCH               DROP;
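
The selection rule the comments describe, as an added Python example (not psad's own code, which is Perl): it parses a file in this format and shows which log lines would be analysed with FW_SEARCH_ALL set to "N". The function names, the sample config and log lines, the case-sensitive substring match and the IN=/OUT= test for recognising an iptables line are assumptions made for the illustration.

```python
import re

# Constructed sample in the file's format: "NAME   value;", "#" starts a comment.
SAMPLE_CONF = """\
FW_SEARCH_ALL               N;
FW_MSG_SEARCH               DROP;
FW_MSG_SEARCH               Audit;
#FW_MSG_SEARCH               REJECT;
"""

# Constructed kernel log lines; the word after "kernel:" is the --log-prefix.
SAMPLE_LOG = [
    "Oct  1 10:00:01 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22",
    "Oct  1 10:00:02 fw kernel: Audit IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP DPT=23",
    "Oct  1 10:00:03 fw kernel: REJECT IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 PROTO=UDP DPT=53",
    "Oct  1 10:00:04 fw kernel: eth0: link up",
]

CONF_LINE = re.compile(r"^\s*(\w+)\s+(.*?)\s*;")

def parse_conf(text):
    """Return (search_all, prefixes) from fw_search.conf-style text."""
    search_all, prefixes = True, []      # "Y" is the documented default
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue                     # comment or commented-out variable
        m = CONF_LINE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if name == "FW_SEARCH_ALL":
            if value not in ("Y", "N"):
                raise ValueError("FW_SEARCH_ALL must be Y or N, got %r" % value)
            search_all = value == "Y"
        elif name == "FW_MSG_SEARCH":
            prefixes.append(value)       # may be given several times
    return search_all, prefixes

def select(lines, search_all, prefixes):
    """Lines that would be analysed under the given settings."""
    # Assumption: an iptables LOG line is recognised by its IN= and OUT= fields.
    # Assumption: prefixes are matched as case-sensitive substrings.
    return [line for line in lines
            if " IN=" in line and " OUT=" in line
            and (search_all or any(p in line for p in prefixes))]

if __name__ == "__main__":
    search_all, prefixes = parse_conf(SAMPLE_CONF)
    for line in select(SAMPLE_LOG, search_all, prefixes):
        print(line)
```

With FW_SEARCH_ALL set to "N", a FW_MSG_SEARCH string that does not match the firewall's actual --log-prefix leaves nothing to analyse, so the two need to be checked against each other when either changes.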