The FW_MSG_SEARCH variable defines how psad searches iptables log messages. To restrict psad to analyze only those log messages that contain a specific log prefix (defined in an iptables LOG rule with the --log-prefix argument to iptables), define the prefix with the FW_MSG_SEARCH variable. This allows iptables to be configured to assign other log prefixes to packets without having psad analyze them.

For example, to have psad analyze only iptables log messages that contain the string DROP, configure the FW_MSG_SEARCH variable like so:


Was this article helpful?

0 0

Post a comment