I would like logwatch to show me the log entries from syslog that belong to ufw.
(This is Ubuntu 12.04, my box at home.)
Ufw is version 0.31.1-1; logwatch is version 7.4.0. Ufw is logging ("on:low"). Its policy is set to "Default: deny (incoming), allow (outgoing)".
logwatch is set to report on all services ("Service = All") but it doesn't capture ufw. And I don't know the correct way to make it do so.
Here's what a log entry in syslog from ufw looks like:
[ 7553.695937] [UFW BLOCK] IN=wlan0 OUT= MAC=xxxx SRC=ipaddr DST=ipaddr LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
[ 7554.101664] [UFW BLOCK] IN=wlan0 OUT= MAC=xxxx SRC=ipaddr DST=ipaddr LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=17351 PROTO=2
I find it refreshing to see a summary of the deny reports :) Could you help me?