ZachChristensen28/TA-linux_iptables

Question regarding: linux:iptables:firewalld

Closed this issue · 5 comments

I'm currently looking for a config of a firewalld log.
So far I only found out that firewalld only logs denied packages.

How did you do the logging in this case?

Are you looking for a way to enable logging of denied packets and then log them to a separate file? If so, you can use the following link to enable logging and then use rsyslog to write those events to their own file: https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/

Once you have separated the firewall logs into their own file, you will need to set up a monitoring stanza in inputs.conf to watch the logs.

Does that answer your question?

Hey, no, I'm looking for a way to log allowed packets.
Do you know a possibility here?

You can try to use rich rules. Here is a blog post that contains a simple example: https://basildoncoder.com/blog/logging-connections-with-firewalld.html

Yeah, thx for the link.
I stumbled over it but dismissed the solution; after rereading it, it seems much more valid to me.
Thx for pointing me there, I'll give it a shot.

I'm going to create some documentation around this and add some configurations to this add-on to ensure it is extracting the correct fields.
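The pipeline discussed in this thread (denied-packet logging, a rich rule that logs allowed traffic, an rsyslog split into a dedicated file, and a monitor stanza in inputs.conf), as an added example that is not part of the thread or the add-on's own configuration. The log prefix, file paths, rate limit and the choice of the `ssh` service are assumptions; the sourcetype is taken from the issue title.

```shell
#!/bin/sh
# Added example, not the add-on's own configuration. Assumed values:
LOG_PREFIX="FWD_ACCEPT"                       # assumed prefix marking allowed traffic
LOG_FILE="/var/log/firewalld.log"             # assumed dedicated log file
SOURCETYPE="linux:iptables:firewalld"         # sourcetype named in the issue title

# Rich rule that both logs and accepts a service, so allowed packets are logged.
# The limit keeps a busy service from flooding the kernel log.
build_rich_rule() {   # $1 = firewalld service name, e.g. ssh
  printf 'rule family="ipv4" service name="%s" log prefix="%s" level="info" limit value="10/m" accept' \
    "$1" "$LOG_PREFIX"
}

# rsyslog property filters: send messages carrying firewalld's denied-packet
# markers (e.g. FINAL_REJECT, ..._DROP) or our accept prefix to LOG_FILE,
# then stop so they are not duplicated in the default log files.
render_rsyslog() {
  for marker in "_DROP" "_REJECT" "$LOG_PREFIX"; do
    printf ':msg, contains, "%s" %s\n& stop\n' "$marker" "$LOG_FILE"
  done
}

# Splunk monitor stanza watching the dedicated file.
render_inputs_conf() {
  printf '[monitor://%s]\nsourcetype = %s\ndisabled = 0\n' "$LOG_FILE" "$SOURCETYPE"
}

# Apply on a host with firewalld and rsyslog (needs root).
apply() {
  firewall-cmd --set-log-denied=all                           # log denied packets
  firewall-cmd --permanent --add-rich-rule="$(build_rich_rule ssh)"
  firewall-cmd --reload
  render_rsyslog > /etc/rsyslog.d/10-firewalld.conf           # assumed file name
  systemctl restart rsyslog
  echo "Add this stanza to inputs.conf on the forwarder:"
  render_inputs_conf
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
  apply
fi
```

Run without arguments it changes nothing; the `render_*` functions can be called on their own to review the generated configuration before applying it.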