HP-UX IPFilter Version A.03.05.14 Administrator's Guide
Firewall Building Concepts
Logging Techniques
Example:
block in log level auth.info quick on lan0 from 20.20.20.0/24 to any
block in log level auth.alert quick on lan0 proto tcp from any to 20.20.20.0/24 port = 21
first
You can use the first option with the log keyword to log only the first
instance of a certain type of packet. For example, it might not be
important to log 500 attempts to probe your telnet port from one source.
It is a good idea to log the first attempt, however.
The first option only applies to packets in a specific session. You can
use the first option to monitor traffic on your system. For best results,
use the first option in conjunction with rules that use pass and keep
state.
Example:
pass in log first proto tcp from amy to any flags S keep state
body
You can use the body option with the log keyword to track parts of an IP
packet in addition to the packet header information. IPFilter logs the
first 128 bytes of a packet if the body option is specified. For example:
block in log body proto tcp from 192.168.1.1 to any flags S keep state
NOTE: Using the body option with the log keyword can make your log files very
long. Limit the use of the body option to necessary instances.
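
The following added example (not part of the original guide or of IPFilter) checks a ruleset against the guidance above: it reports log first on rules that are not pass ... keep state, every use of log body, and level values that are not in facility.priority form. The function names are hypothetical, the sample ruleset is constructed from the rule forms on this page, and only the level, first and body options are parsed.

```python
import re

# Constructed sample: rules 1-3 and 5 are the forms shown on this page;
# rule 4 is constructed to show "log first" on a rule that keeps no state.
SAMPLE_RULES = """\
block in log level auth.info quick on lan0 from 20.20.20.0/24 to any
block in log level auth.alert quick on lan0 proto tcp from any to 20.20.20.0/24 port = 21
pass in log first proto tcp from amy to any flags S keep state
pass in log first proto tcp from any to any port = 23
block in log body proto tcp from 192.168.1.1 to any flags S keep state
"""

# "log" as a whole word, followed by any run of the options covered here.
LOG_RE = re.compile(r"(?<!\S)log(?!\S)((?:\s+(?:body|first|level\s+\S+))*)")
LEVEL_RE = re.compile(r"[a-z0-9]+\.[a-z]+")  # facility.priority, e.g. auth.info


def parse_log_options(rule):
    """Return the log options set on one rule, or None if it does not log."""
    m = LOG_RE.search(rule)
    if m is None:
        return None
    opts = m.group(1).split()
    level = opts[opts.index("level") + 1] if "level" in opts else None
    return {"body": "body" in opts, "first": "first" in opts, "level": level}


def audit(rules_text):
    """Return (line_number, message) findings for the logging options in a ruleset."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        rule = line.split("#", 1)[0].strip()  # drop comments and blank lines
        opts = parse_log_options(rule) if rule else None
        if opts is None:
            continue
        stateful = rule.startswith("pass") and re.search(r"\bkeep\s+state\b", rule)
        if opts["first"] and not stateful:
            findings.append((n, "log first is not on a pass ... keep state rule"))
        if opts["body"]:
            findings.append((n, "log body adds the first 128 bytes of each packet"))
        if opts["level"] and not LEVEL_RE.fullmatch(opts["level"]):
            findings.append((n, "level is not in facility.priority form"))
    return findings


if __name__ == "__main__":
    for n, msg in audit(SAMPLE_RULES):
        print(f"rule line {n}: {msg}")
```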