firewalld – enable logging

firewalld by default does not log the packets it drops. Sometimes you need to find out whether a particular packet is being dropped. To do so, enable logging of denied packets with the following command:

sudo firewall-cmd --set-log-denied=all

This logs every packet firewalld denies and lets you see whether it is firewalld that is dropping the packet.
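The setting takes effect immediately and persists across reloads; sudo firewall-cmd --get-log-denied shows the current value, and --set-log-denied=off turns it back off. The denied packets land in the kernel log (journalctl -k or dmesg) as netfilter LOG lines of key=value fields. The following is an added example, not code from the original post: a small Python parser for those lines that answers the question the section poses (is firewalld dropping traffic from this host to this port?). The log excerpt is constructed, with invented addresses and timestamps; the "FINAL_REJECT:" and "STATE_INVALID_DROP:" prefixes are the ones firewalld attaches to its log rules, but the parser accepts any upper-case prefix.

```python
import re
from collections import Counter

# Constructed journal/dmesg excerpt (not from the original post). The key=value
# fields follow the netfilter LOG format; addresses, ports and times are invented.
SAMPLE_LOG = """\
Mar 10 12:00:01 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 10 12:00:02 host kernel: eth0: link becomes ready
Mar 10 12:00:03 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=53 ID=2 PROTO=UDP SPT=40000 DPT=161
Mar 10 12:00:04 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=3 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:05 host kernel: STATE_INVALID_DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=4 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=0 RES=0x00 ACK URGP=0
"""

# "kernel: <PREFIX>: <key=value ...>"; the prefix is whatever the LOG rule set.
PREFIX_RE = re.compile(r"kernel: (?P<prefix>[A-Z][A-Z_]*): (?P<rest>.*)$")
# key=value tokens; flag-only tokens such as DF, SYN or ACK are ignored.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_denied(text):
    """Return one dict per logged packet: netfilter fields plus PREFIX."""
    events = []
    for line in text.splitlines():
        m = PREFIX_RE.search(line)
        if not m:
            continue  # ordinary kernel message, not a firewall log line
        fields = dict(FIELD_RE.findall(m.group("rest")))
        fields["PREFIX"] = m.group("prefix")
        events.append(fields)
    return events


def denied_for(events, src=None, dport=None, proto=None):
    """Filter events; every criterion that is given must match."""
    hits = []
    for e in events:
        if src is not None and e.get("SRC") != src:
            continue
        if dport is not None and e.get("DPT") != str(dport):
            continue
        if proto is not None and e.get("PROTO") != proto:
            continue
        hits.append(e)
    return hits


def top_sources(events, n=5):
    """Most frequently denied source addresses, as (address, count) pairs."""
    return Counter(e.get("SRC") for e in events).most_common(n)


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    evs = parse_denied(text)
    print(f"{len(evs)} denied packets; top sources: {top_sources(evs)}")
    for e in denied_for(evs, dport=22):
        print(f"{e['PREFIX']}: {e['SRC']} -> {e['DST']}:{e['DPT']}/{e['PROTO']}")
```

Run it against a saved journal (journalctl -k > denied.log, then python3 denied.py denied.log) and filter on the source and destination port you are debugging; if the pair never shows up, the packet is not being dropped by firewalld and the problem lies elsewhere (routing, the service not listening, or a filter in front of the host).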

Log analysis with Perl and Wireshark decode

Here is something that I had to do in a couple of hours to check the logs. The problem was that the log file was printing the Received and Sent messages in hex format. I had to verify whether the messages were correct. So here is how to do it.

use strict; use warnings;

open(my $fp, '<', $ARGV[0]) or die "File $ARGV[0] does not exist: $!";
while (my $line = <$fp>)
{
    if ($line =~ /(Received :)|(Sending :)/)
    {
        # Split the line on whitespace, then the fifth field on '|';
        # the hex message is its second piece (indices depend on the log format).
        my @words    = split(/\s+/, $line);
        my @fields   = split(/\|/, $words[4]);
        my $received = $fields[1];

        # Convert $received to pcap using proprietary software (not shown here).
        # The grep expression only displays the fields of interest.
        system('tshark -r /tmp/amit.pcap -V | grep -E -i "Amit|Agarwal"');
    }
}
close($fp);
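The conversion step above is left to "proprietary software". Wireshark itself ships text2pcap for turning a hex dump into a capture, but the pcap format is simple enough to write directly, which also makes the hex extraction and the odd-length (truncated) message case explicit. The following is an added example, not the original post's code: it pulls the hex out of "Received :" / "Sending :" lines, writes a classic pcap file using LINKTYPE_USER0 (147) because the messages are application payloads rather than Ethernet frames, and reads it back as a sanity check. The log excerpt and its line layout (timestamp, level, "conn=" tag, then the direction marker and hex) are constructed for the example; adapt LINE_RE to the real format.

```python
import re
import struct
from datetime import datetime, timezone

# Constructed log excerpt (not from the original post); "abc" on the last line
# is deliberately odd-length to exercise the error path.
SAMPLE_LOG = """\
2024-03-10 12:00:01.250 INFO conn=7 Received : 48656c6c6f
2024-03-10 12:00:01.300 DEBUG conn=7 heartbeat ok
2024-03-10 12:00:02.000 INFO conn=7 Sending : 41 43 4b 00 2a
2024-03-10 12:00:02.500 INFO conn=7 Received : abc
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+).*?"
    r"(?P<dir>Received|Sending) :\s*(?P<hex>[0-9A-Fa-f ]+)\s*$"
)

LINKTYPE_USER0 = 147  # assign a dissector to it under Preferences > Protocols > DLT_USER


def parse_hex_log(text):
    """Return (records, errors); each record is (epoch_seconds, direction, bytes)."""
    records, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Received/Sending line
        hexstr = m.group("hex").replace(" ", "")
        if len(hexstr) % 2:
            errors.append((lineno, "odd-length hex"))  # truncated or garbled message
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        ts = ts.replace(tzinfo=timezone.utc).timestamp()  # log assumed to be in UTC
        records.append((ts, m.group("dir"), bytes.fromhex(hexstr)))
    return records, errors


def build_pcap(records, linktype=LINKTYPE_USER0):
    """Serialise records as a classic little-endian pcap v2.4 file image."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
    for ts, _direction, payload in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(payload), len(payload))
        out += payload
    return bytes(out)


def pcap_packets(data):
    """Walk a pcap image and return the packet payloads (round-trip check)."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic != 0xA1B2C3D4:
        raise ValueError("unexpected pcap magic")
    off, packets = 24, []
    while off < len(data):
        _sec, _usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        packets.append(data[off:off + incl])
        off += incl
    return packets


if __name__ == "__main__":
    import sys
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    recs, errs = parse_hex_log(src)
    for lineno, why in errs:
        print(f"line {lineno}: skipped ({why})", file=sys.stderr)
    with open("messages.pcap", "wb") as fh:
        fh.write(build_pcap(recs))
    print(f"wrote {len(recs)} packets to messages.pcap; next: tshark -r messages.pcap -V")
```

Skipped lines are reported rather than silently dropped, because a half-written message in the log is usually the very thing you are trying to find. The resulting file feeds straight into the tshark -r ... -V step from the Perl snippet.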

Another technique that is quite helpful is to use a different color for grep matches when you are searching for errors or warnings. This can be done using:

export GREP_COLOR="01;31"   # newer GNU grep uses GREP_COLORS="mt=01;31" instead
tshark command | grep --color=always -E -i "error|warning"
