Instructions for shorewall

[rhy-ama]

Hello, Are there any specific instructions to make psad work on top of shorewall?

cc @thanos-massias - i saw you mention something specific to shorewall in the other thread. would you mind sharing ?

[thanos-massias]

I no longer have access to that code but, if my memory serves me right, it had something to do with us using a custom log format which we couldn't change without breaking other things, so we had to also change a couple of lines of psad code.

[rhy-ama]

@thanos-massias thank you

Yes indeed, FW_MSG_SEARCH Shorewall:DROP; in /etc/psad/psad.conf configuration file is the requirement to parse shorewall syslog entries.