Is there any way to stop a certain event from being logged or at least not logged as often as it is? My audit logs are filled with NTP requests.
Also, is there any suggestions for firewalls other than FireStarter.
Printable View
Is there any way to stop a certain event from being logged or at least not logged as often as it is? My audit logs are filled with NTP requests.
Also, is there any suggestions for firewalls other than FireStarter.
As far as a recommendation for an iptables config tool, shorewall is quite easy to use, although it does not come with a nice gui like firestarter. It does, however, support quite a few logging options, so you could possibly change the log level for the traffic you don't want to log. If not, you can definitely send shorewall's output to a file of you choosing, and set a cron job to run every little while that would cut the offending entries out and redirect output to another file to read.
On my linux box I use iptables and now build my policy with fwbuilder. www.fwbuilder.org
It works quite well. :)
fwbuilder will generate a fw script. then just add that to your startup.
You can specify what you want logged per rule. Its just a front end for configuring iptables from hand. It can be a pain... so the GUI is nice. You can save your policy and edit it whenever. Just run the script to apply new rules. But, make sure to copy new script over to startup at each change.