Clearly there are many more combinations possible.

It is therefore possible to write rules which log inbound and outbound traffic, or to construct several rules which differentiate between the two.

Rate Limiting

iptables has the facility for rate-limiting the log messages that are generated, in order to avoid denial of service issues arising out of logging these access attempts. To achieve this, use the following option:

--limit rate

rate is the maximum average matching rate, specified as a number with an optional /second, /minute, /hour, or /day suffix. The default is 3/hour.

--limit-burst number

number is the maximum initial number of packets to match. This number gets recharged by one every time the limit specified above is not reached, up to this number. The default is 5.

iptables has many more options. Perform a web search for manpage iptables to find the relevant documentation.

The LOG rules configured by default (e.g. Default Deny:) are all limited to:

--limit 3/hour --limit-burst 5

Administrative Access Logging

When a user tries to log onto the SnapGear Management Console web administration pages, one of the following log messages appears:

Jan 30 03:00:18 2000 boa: Authentication successful for root from 10.0.0.2

Jan 30 03:00:14 2000 boa: Authentication attempt failed for root from 10.0.0.2

101

Appendix B – System Log

Page 104
Image 104
SnapGear 1.7.8 manual Rate Limiting, Administrative Access Logging