Re: [wallfire-users] Help about how the wflogs reads the logs
From: Herve E. <rv...@wa...> - 2008-11-07 10:35:27
On Thu, Nov 06, 2008 at 06:39:18PM -0200, Vinícius Batistela wrote:

Hi Vinícius,

> I am using wflogs with the logs generated by iptables and I have a doubt.
> I used the wflogs filtering by protocols (TCP and UDP) and I generated an
> XML file. Then, I wrote a script to read this XML. But, looking for the
> results I got with this script and looking for the results I got using a
> script that reads directly the iptables' log, I saw they are different.
> So, I think that for TCP, the wflogs just consider the packages with the
> SYN flag activated, that represent a try of start a connection. Am I
> wrong?

Well, it's supposed to consider all packets (SYN or not) by default, even if you can filter only SYN ones if you wish to do so.

> So, and for UDP, I have different results too, using the xml and
> reading the iptables' log directly. But the UDP protocol does not have
> control mechanisms. What does wflogs do about UDP?

It's the same (except that there is no connection/SYN in UDP), it considers all packets by default.

> Thank you for the answers.

Regards,
Hervé
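An added example, not part of the original thread: a reference tally of a raw iptables log that separates initial TCP SYN packets from other TCP packets and from UDP, giving counts to compare against whatever is read back from the wflogs XML. It assumes the kernel LOG target's usual `KEY=value` line layout; the sample lines and the `classify`/`tally` names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG target layout (not from the thread).
SAMPLE_LOG = """\
Nov  6 18:01:02 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4711 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov  6 18:01:02 fw kernel: IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=40001 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Nov  6 18:01:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=4712 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
Nov  6 18:01:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=100 TOS=0x00 PREC=0x00 TTL=54 ID=4713 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Nov  6 18:01:05 fw kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=198.51.100.5 LEN=76 TOS=0x00 PREC=0x00 TTL=54 ID=100 PROTO=UDP SPT=5353 DPT=53 LEN=56
Nov  6 18:01:06 fw kernel: IN=eth0 OUT= SRC=192.0.2.21 DST=198.51.100.5 LEN=76 TOS=0x00 PREC=0x00 TTL=54 ID=101 PROTO=UDP SPT=123 DPT=123 LEN=56
Nov  6 18:01:07 fw kernel: IN=eth0 OUT= SRC=192.0.2.30 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=54 ID=200 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Nov  6 18:01:08 fw sshd[812]: Accepted publickey for admin from 192.0.2.10
"""

PROTO = re.compile(r"\bPROTO=(\S+)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

def classify(line):
    """Return 'TCP-SYN', 'TCP-other', another protocol name, or None if not a packet line."""
    m = PROTO.search(line)          # first PROTO= only; ICMP errors may embed a second one
    if m is None or " IN=" not in line:
        return None                 # ordinary syslog line, not produced by the LOG target
    proto = m.group(1)
    if proto != "TCP":
        return proto                # UDP has no flags, so every logged packet counts
    # TCP flags are logged as bare words after RES=, e.g. "RES=0x00 ACK PSH URGP=0"
    flags = TCP_FLAGS.intersection(line.split("RES=", 1)[-1].split())
    # Connection attempt = SYN set and ACK clear; SYN+ACK is the reply, not an attempt
    return "TCP-SYN" if "SYN" in flags and "ACK" not in flags else "TCP-other"

def tally(log_text):
    """Count logged packets per class so totals can be compared with another tool's output."""
    counts = Counter()
    for line in log_text.splitlines():
        label = classify(line)
        if label is not None:
            counts[label] += 1
    return counts

if __name__ == "__main__":
    for label, n in sorted(tally(SAMPLE_LOG).items()):
        print(f"{label:10} {n}")
```

If the TCP total from the XML matches `TCP-SYN` alone rather than `TCP-SYN` plus `TCP-other`, a SYN-only filter is in effect somewhere in the pipeline.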