How to check firewall log?

[akong]

I want know the firewall function.
But I can't view some logs on queue logs.
It's firewall logs always clean.
Please tell me how to settings firewall logs.
Thanks a lot.

[Javier Amor Garcia]

Hi,
 in order to activate the firewall log you ust do two tings:
 - activate the logs module (in Module Status section)
 - configure the logs and activate the firewall logs. Those are disabled by ddefault because they became huge in short time.

Rememeber that only are logged the rejected packets and the LOG targets.

Cheers,
  Javier

[akong]

OK,
I have enabled logs modules.
And I have enabled follow function
Events-->Log observer-->Configure-->Firewall-->Action then click enabled and save change
Events-->Log observer-->Configure-->Firewall-->Filter-->Add new
I only choose events to any and click add.
Then I click save changes to apply settings.
I click Logs section and click queue logs.
I can't found some logs.
Is it all right?

[Javier Amor Garcia]

You don;t need to configure a observer to see whether the firewall logs are working. Go to Logs->Query Logs and select the firewall module.
You hsould see some lines there.

[akong]

So,if I want log.
Must I set block rule and add new LOG rule?
Could you tell me step by step to study?

[Javier Amor Garcia]

Ok, only two things are logged:
 - packets with are blocked
 - packet which have a LOG rule

So to see if its works the easier way is to hit the eBox with a traffic you know for sure it will be blocked

[akong]

So,
Is like a follow settings?

LOG       any      eBox ssh       --      
DENY    any    eBox ssh    --    
LOG            any   eBox administration    --    
DENY    any    eBox administration    --