[lug] IPcop / Smoothwall log help

Daniel Webb lists at danielwebb.us
Thu Jun 23 22:54:16 MDT 2005


On Thu, Jun 23, 2005 at 09:33:59AM -0700, Matt James wrote:

>      Not being a Linux security expert I was hoping that someone in
> this group might be able to help out a newbie.  I have been playing
> with both IPcop and Smoothwall distributions of Linux-based firewalls.
> They work GREAT by the way.  The issue I'm having is that the log files
> are a bit cryptic.  I get some of what it's trying to tell me but my
> eye is really not trained enough to know what is an attack and what is
> a legitimate Google crawler.  I'm looking for someone(s) that would be
> willing to sit down with me for an hour or so and teach me a little bit
> about what this thing spews out of the log.  I know you guys have
> meetings and so forth so maybe it's best that I come to one of those. 
> Another possibility is online documentation on this sort of thing - but
> I'm not quite sure where to look without chasing my tail for hours. 
> Any help or direction would be greatly appreciated.

My experience is that if you're on a fixed IP address, you'll get hammered
constantly with scanners of all types.  For that reason, watching the firewall
log files for security reasons is a waste of time in my opinion.  You'll be
better off spending your time securing your system: start with the basics like
turning off unused services (netstat -al will show you listening processes).
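
An added example (not part of the original post) of the listening-service check suggested above: it sorts netstat output into listeners reachable from the network and loopback-only ones. It assumes net-tools numeric output (netstat -aln, i.e. -n added to the flags in the post); the sample lines and the function names are constructed for illustration.

```sh
#!/bin/sh
# Triage netstat output: which listening sockets are exposed beyond loopback?

# Constructed sample in net-tools `netstat -aln` format (not from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
EOF
}

# Read netstat output on stdin; print "proto port scope" per listening socket.
# TCP counts when State is LISTEN. UDP has no state column, so an unconnected
# UDP socket (foreign address ending in ":*") is treated as listening.
listeners() {
  awk '
    $1 ~ /^tcp/ && $NF != "LISTEN" { next }
    $1 ~ /^udp/ && $5 !~ /:\*$/    { next }
    $1 ~ /^(tcp|udp)/ {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
      scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
      print $1, port, scope
    }'
}

# Reduce to the proto/port pairs that other machines can reach.
exposed_ports() {
  listeners | awk '$3 == "exposed" { print $1 "/" $2 }' | LC_ALL=C sort -u
}

# Demo on the constructed sample. On a live host: netstat -aln | exposed_ports
sample_netstat | exposed_ports
```

Each line it prints is a candidate for the "unused service" review: either the service is needed and stays, or it gets turned off or bound to loopback.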
