Hi there, I have a problem with logging.
I don’t know if I’m doing the configuration the wrong way, or if it’s just not possible… but I want to be able to log the changes that are made to the firewall filter rules or the NAT rules.
I just get the “log rule changed by admin” message, and I want more details about those changes. Is this possible?
I don’t think there is a built in easy way… but a possible solution:
- Create a script to export the firewall rules to a file.
- Use the scheduler to run this script however often you want.
- Use a different computer to download this file via ftp using the same schedule. Compare files and check for differences.
This could be done manually or you could probably automate the whole thing with a bit of work.
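The compare step of the procedure above, as an added example that is not from the original reply: a POSIX shell script for the separate host that normalises two RouterOS export files and prints which rules were added or removed. It assumes the router's scheduler runs `/ip firewall filter export file=fw-rules` and that the previous and current `.rsc` files have already been fetched; the sample exports in `write_samples` are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original thread: compare two RouterOS firewall
# exports on a separate host and print which rules were added or removed.
# Assumes the previous and current fw-rules.rsc files have already been fetched.
# Turn a .rsc export into one rule per line: drop the "# date ... by RouterOS"
# header comments and blank lines, join backslash-continued lines, squeeze spaces.
normalize_export() {
    tr -d '\r' < "$1" | awk '
        /^#/ { next }
        /^[[:space:]]*$/ { next }
        { if (buf != "") sub(/^[[:space:]]+/, "") }      # continuation indent
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }     # line continues
        { line = buf $0; buf = ""; gsub(/[[:space:]]+/, " ", line); print line }
    '
}
# Print added rules as "+ ..." and removed rules as "- ...", keeping rule order.
# Returns 0 when the rule sets are identical and 1 when they differ (like diff),
# so a cron job can alert on the exit status.
rule_changes() {
    old=$(mktemp); new=$(mktemp)
    normalize_export "$1" > "$old"
    normalize_export "$2" > "$new"
    diff "$old" "$new" | sed -n 's/^> /+ /p; s/^< /- /p'
    diff -q "$old" "$new" > /dev/null; status=$?
    rm -f "$old" "$new"
    return $status
}
# Constructed sample exports: "before" in $1, "after" (one rule added) in $2.
write_samples() {
    cat > "$1" <<'EOF'
# jan/30/2012 08:00:00 by RouterOS
/ip firewall filter
add action=accept chain=input comment="allow established" connection-state=\
    established
add action=drop chain=input in-interface=ether1
EOF
    cat > "$2" <<'EOF'
# jan/30/2012 08:05:13 by RouterOS
/ip firewall filter
add action=accept chain=input comment="allow established" connection-state=\
    established
add action=accept chain=input disabled=no in-interface=ether1 src-address=\
    192.168.50.0/24
add action=drop chain=input in-interface=ether1
EOF
}
if [ "${1-}" = demo ]; then   # run as: sh fwdiff.sh demo
    p=$(mktemp); c=$(mktemp); write_samples "$p" "$c"; rule_changes "$p" "$c"; rm -f "$p" "$c"
fi
```

Rule order is kept on purpose, since in a firewall filter a rule moved above another is a change worth seeing even when no line was added or removed.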
Better logging would be a big plus, for PCI compliance and security in general.
Agreed. The basic logging is helpful to some degree, but it would be very nice to have the option to turn on detailed logging that shows what was actually changed. Maybe something like:
Fri/30/2012 08:05:13 system info ip firewall filter, add action=accept chain=input disabled=no in-interface=ether1 src-address=192.168.50.0/24