
Appendix B – System Log, Access Logging – SnapGear 1.7.8 User Manual


Appendix B – System Log

Access Logging

It is possible to log any traffic that arrives at or traverses the SnapGear appliance. By
default, the only logging enabled records packets that were dropped. While it is possible
to log exactly which rule led to such a drop, this is not configured by default. All rules
in the default security policy drop packets; they never reject them. That is, the packets
are simply ignored, and no response of any kind is returned to the sender. It is possible
to configure reject rules if so desired.

All traffic logging performed on the SnapGear appliance creates entries in the syslog
(/var/log/messages, or an external syslog server) in the following format:

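klogd: <prefix> IN=<incoming interface> OUT=<outgoing interface> MAC=<MAC addresses> SRC=<source IP> DST=<destination IP> SPT=<source port> DPT=<destination port>

Where:

<prefix>              if non-empty, hints at cause for log entry
<incoming interface>  will be empty, or one of eth0, eth1 and similar
<outgoing interface>  as per incoming interface
<MAC addresses>       MAC addresses associated with the packet
<source IP>           packet claims it came from this IP address
<destination IP>      packet claims it should go to this IP address
<source port>         packet claims it came from this TCP port
<destination port>    packet wants to go to this TCP port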

Depending on the type of packet and the logging performed, some of the fields may not
appear.
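
The following parser for the entry format above is an added example, not part of the SnapGear manual or its software. It tolerates empty and missing fields and counts entries per claimed source address and destination port. The sample lines, their timestamps and prefix text, and the names parse_entry, top_targets and the "prefix" key are assumptions made for illustration.

```python
import re
from collections import Counter

# KEY=value tokens; the value may be empty (IN= and OUT= can be empty).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines: timestamps, prefix text, addresses and MACs are made up.
SAMPLE = [
    "Jan  5 10:12:01 klogd: Default deny: IN=eth1 OUT= "
    "MAC=00:d0:cf:00:11:22:00:0c:29:aa:bb:cc:08:00 "
    "SRC=203.0.113.7 DST=192.0.2.1 SPT=40112 DPT=23",
    "Jan  5 10:12:02 klogd: Default deny: IN=eth1 OUT= "
    "MAC=00:d0:cf:00:11:22:00:0c:29:aa:bb:cc:08:00 "
    "SRC=203.0.113.7 DST=192.0.2.1 SPT=40113 DPT=23",
    # No prefix, no MAC and no ports: some fields may not appear.
    "Jan  5 10:12:09 klogd: IN=eth1 OUT=eth0 SRC=198.51.100.9 DST=192.0.2.10",
    "Jan  5 10:12:10 syslogd: restart",  # not a traffic entry
]

def parse_entry(line):
    """Return a dict for one traffic log line, or None if it is not one."""
    _, sep, body = line.partition("klogd: ")
    start = re.search(r"(?:^|\s)IN=", body)
    if not sep or start is None:
        return None
    # Everything between "klogd: " and IN= is the optional prefix.
    entry = {"prefix": body[:start.start()].strip()}
    entry.update(FIELD_RE.findall(body[start.start():]))
    # Ports become integers; absent or non-numeric ports become None.
    for port in ("SPT", "DPT"):
        entry[port] = int(entry[port]) if entry.get(port, "").isdigit() else None
    return entry

def top_targets(lines):
    """Count entries per (claimed source IP, destination port).

    SRC is only what the packet claims, so the counts are a lead for
    investigation, not an attribution.
    """
    counts = Counter()
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            counts[(entry.get("SRC"), entry["DPT"])] += 1
    return counts

if __name__ == "__main__":
    for (src, dpt), n in top_targets(SAMPLE).most_common():
        print(f"{n:3d}  SRC={src}  DPT={dpt}")
```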
