/usr/share/doc/lire/user-manual/ch10s04.html is in lire-doc 2:2.1.1-2.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>IPTables</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Lire User's Manual"><link rel="up" href="ch10.html" title="Chapter 10. Firewall Supported Log Formats"><link rel="prev" href="ch10s03.html" title="IP Filter"><link rel="next" href="ch10s05.html" title="WebTrends Enhanced Log Format"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">IPTables </th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch10s03.html">Prev</a> </td><th width="60%" align="center">Chapter 10. Firewall Supported Log Formats</th><td width="20%" align="right"> <a accesskey="n" href="ch10s05.html">Next</a></td></tr></table><hr></div><div class="section" title="IPTables"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id383738"></a>IPTables </h2></div></div></div><p>IPTables will log packets marked for logging through
<span class="command"><strong>syslog</strong></span> (actually the kernel log buffer
which is usually sent to <span class="command"><strong>syslog</strong></span>).
<span class="application">Lire</span> expects the logs in the form of a syslog log file.
</p><p>A problem with logs from IPTables is that we have no
real idea of what happened with the packet (was it denied
or permitted). The logging module of IPtables permit to
tag each logged packet with a prefix. <span class="application">Lire</span> will
interpret packets having a prefix which contains the
strings <code class="literal">denied</code>,
<code class="literal">drop</code>, <code class="literal">deny</code> or
<code class="literal">reject</code> as denied packets. All other
packets will have an unknown <span class="type">action</span> value
(<code class="literal">-</code>).
</p><div class="example"><a name="id383805"></a><p class="title"><b>Example 10.4. IPTables Log Sample</b></p><div class="example-contents"><pre class="programlisting">
Sep 21 11:45:17 lire kernel: Packet-drop IN=eth0 OUT=eth0 SRC=10.0.0.1 \
DST=10.0.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=38365 DF \
PROTO=TCP SPT=3117 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 21 11:45:20 lire kernel: Packet-drop IN=eth0 OUT=eth0 SRC=10.0.0.1 \
DST=10.0.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=38478 DF \
PROTO=TCP SPT=3117 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 21 11:45:26 lire kernel: Packet-drop IN=eth0 OUT=eth0 SRC=10.0.0.1 \
DST=10.0.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=38680 DF \
PROTO=TCP SPT=3117 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 21 11:52:46 lire kernel: Packet-drop IN=eth0 OUT=eth0 SRC=10.0.0.1 \
DST=10.0.0.3 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=54122 DF \
PROTO=TCP SPT=4532 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 21 11:52:49 lire kernel: Packet-drop IN=eth0 OUT=eth0 SRC=10.0.0.1 \
DST=10.0.0.3 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=54222 DF \
PROTO=TCP SPT=4532 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 21 11:52:55 lire kernel: Packet-drop IN=eth0 OUT=eth0 SRC=10.0.0.1 \
DST=10.0.0.3 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=54443 DF \
PROTO=TCP SPT=4532 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
</pre></div></div><br class="example-break"></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch10s03.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ch10.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ch10s05.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">IP Filter </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> WebTrends Enhanced Log Format</td></tr></table></div></body></html>
|