To change the default configuration file for FireScreen, make sure the Configuration File check box is selected and enter the full pathname of the configuration file you want to use in the field provided.

Screening records will be logged in the

/var/adm/syslog.dated/$DATE/daemon.logfile (where the value of $DATE is incremented every 24 hours based on the time that the system was last booted).

2.When the syslog.conf file does not contain a daemon entry, the /var/adm/ firescreen.log file is used to log screening events. (This corresponds to the -Loption.)

By default, screening records are logged with other daemons' log records (in the file specified by the daemon entry in the /etc/syslog.conf file) by syslog. To specify a separate file in which only screening records will be logged, make sure the Log File check box is selected and enter the full pathname of the log file you want to use in the field provided.

3.Screening events will be logged using the /usr/sbin/syslogd daemon. (This corresponds to the -soption.)

Note:

FireScreen uses the syslogd daemon to log screening errors, regardless of whether or not the Syslog Logging (-s) or Log File (-L) command-line options are enabled.

4.To log all packets, ensure that the Log All Packets check box is selected. If the check box is not selected, packets are not logged. (This corresponds to the -loption.)

5.Logging records will include the line number from the /etc/firescreen.conf configuration file corresponding to the rule that caused the event to be logged. This information is useful for debugging configuration file problems. (This corresponds to the -roption.)

To omit screening rule line numbers from log file entries, ensure that the Log Rule Numbers check box is not selected.

6.Click on Submit.

The Set Options confirmation page shows you the command-line options for FireScreen, as shown in Figure 50.

Figure 50 Set Options Confirmation Page

You must restart FireScreen for the default command-line option changes to take effect (Section : Starting and Stopping FireScreen). However, if you specify a configuration file or log file other than the default, the file you specify is modified and read by the FireScreen Administration pages immediately, without restarting FireScreen.

For more information on specifying command-line options for FireScreen, see the screend(8) reference page.

FireScreen Administration 177

Page 177
Image 177
HP UX Internet Express Software manual Set Options Confirmation