IPCop.org FAQs (frequently-asked questions)


Category: Main -> Logging

I've got stuff in my logs: Does that mean I've been hacked?

Not necessarily.

There are two places that contain security related log entries.

Logs > Firewall contains the firewall logs. What you see here are connection attempts from the outside that were deflected. This is of interest because it tells you which ports people are trying to attack you on. Entries in this log DID NOT make it into your network. Not every log entry indicates a malicious attempt to break into your network: an entry could also be the result of a mistake (someone mistyping an IP address and accidentally connecting to your network), a misconfigured device, and so on. For the most part, the firewall logs are useful for seeing what was going on, in case you need to figure out why something that should get through doesn't.

Logs > Intrusion Detection System contains the IDS logs. What you see here are connections that, depending on the firewall rules, may make it into your network and that contained signs of an attack. Again, this does not necessarily mean that someone was breaking into your network. Some of the rules that trigger the IDS can also be triggered by normal traffic. If you're certain that the IDS is being triggered by legitimate traffic, you might consider turning the corresponding rule off (see also "How can I stop the IDS from logging things that I do not want logged?"). It is wise to always investigate what caused an IDS log entry. It might be that you were attacked.


Applies to: 1.1, 1.2, 1.3, 1.4 (all versions)

What logs are kept on IPCop?

Linux logging is in /var/log, with messages being the main system log.

Other interesting logs in this directory are:

dmesg: hardware info gathered during the Linux bootup process
secure: the log of security concerns and accesses
cron: the log of cron jobs running

Apache logs are in /var/log/httpd and consist of access_log, error_log, ssl_request_log and ssl_engine_log.

Snort logs are kept in /var/log/snort and consist of alert and portscan.log.

Squid logs are kept in /var/log/squid and consist of access.log, cache.log and store.log.


Applies to: 1.1, 1.2, 1.3 (all versions)

How do I get my logs off IPCop?

You can use SCP or WinSCP to copy the logs to another machine. You need to turn on SSH using the web front end. If you are accessing IPCop remotely, open port 222 on RED. Remember that IPCop runs SSH on port 222, not port 22!


Applies to: 1.1, 1.2, 1.3 (all versions)

How can I use a different machine for logging messages?

See this in the add-ons / hacks section. Please read the warning first.


Applies to: 1.1, 1.2, 1.3 (all versions)

Can I configure the logs to be compressed?

Many of the logs are rotated into a compressed format already. Active logs are not compressed so they can be easily accessed for presentation in the administration panel.

How long are the logs kept for?

IPCop version 1.2 and older: Logs in /var/log are rotated weekly and kept for 8 cycles.

Logs in /var/log/squid are rotated weekly and kept for 5 cycles.

Logs in /var/log/snort are rotated weekly and kept for 5 cycles.

IPCop version 1.3: Logs in /var/log are rotated weekly and kept for 52 cycles.

Logs in /var/log/squid are rotated weekly and kept for 52 cycles.

Logs in /var/log/snort are rotated weekly and kept for 52 cycles.

The logs are automatically rotated and compressed early on Sunday mornings, so if you look for information from the previous week, it will appear to have vanished. The information is still there, but you will have to decompress the relevant rotated file to access it. Look in the /var/log directory.

To force a rotation of the logs, log on as root and execute the command:

/usr/sbin/logrotate -f /etc/logrotate.conf
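Because the Sunday rotation compresses last week's entries, a search that only reads the active file misses anything older than a few days. The script below is an added example, not part of the IPCop FAQ or of IPCop itself: it searches the live log together with every rotated generation, decompressing the .gz copies on the fly. It assumes logrotate's usual naming scheme (messages, messages.1.gz, messages.2.gz, ...), and builds its own small log directory with constructed sample lines in a temporary location so it runs without touching a real /var/log.

```shell
#!/bin/sh
# Added example (not IPCop's own code): search the active log and all of its
# rotated, gzip-compressed predecessors for a pattern, so entries from before
# Sunday's rotation do not appear to have vanished.
# Assumption: logrotate's default naming (NAME, NAME.1.gz, NAME.2.gz, ...).
# The directory and its contents are constructed here in a temporary
# location; on a real box you would point the functions at /var/log.

LOGDIR=$(mktemp -d)
trap 'rm -rf "$LOGDIR"' EXIT

# Constructed sample data: one active log plus two rotated generations.
printf 'Sep  7 09:00:01 ipcop sshd[412]: Accepted password for root from 10.0.0.5 port 40122 ssh2\n' \
  > "$LOGDIR/messages"
printf 'Sep  1 09:00:01 ipcop sshd[398]: Failed password for root from 198.51.100.7 port 51000 ssh2\n' \
  | gzip -c > "$LOGDIR/messages.1.gz"
printf 'Aug 25 09:00:01 ipcop sshd[377]: Failed password for root from 198.51.100.7 port 50990 ssh2\nAug 25 09:00:05 ipcop sshd[377]: Failed password for root from 198.51.100.7 port 50991 ssh2\n' \
  | gzip -c > "$LOGDIR/messages.2.gz"

# search_rotated DIR NAME PATTERN
# Streams the active log first, then each rotated copy in filename order,
# decompressing *.gz files as they are read, and prints the matching lines.
search_rotated() {
  dir=$1; name=$2; pattern=$3
  for f in "$dir/$name" "$dir/$name".[0-9]*; do
    [ -f "$f" ] || continue      # skip the unexpanded glob if nothing matched
    case $f in
      *.gz) gzip -dc "$f" ;;
      *)    cat "$f" ;;
    esac
  done | grep -- "$pattern"
}

# count_matches DIR NAME PATTERN
# Number of matching lines across all generations (0 when nothing matches).
count_matches() {
  search_rotated "$1" "$2" "$3" | wc -l | tr -d ' '
}

search_rotated "$LOGDIR" messages 'Failed password'
echo "total failed logins across all generations: $(count_matches "$LOGDIR" messages 'Failed password')"
```

The same pattern works for the Snort and Squid directories listed earlier, for example `search_rotated /var/log/snort alert 'Priority: 1'`, and it is the manual equivalent of what `zgrep` does where that utility is installed.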


Applies to: 1.1, 1.2, 1.3 (all versions)

Can the logs be sent to a database?

This is a basic Linux distribution, so anything can be accomplished with enough hacking. There are no database managers running or installed on IPCop.


Applies to: 1.1, 1.2, 1.3 (all versions)

What can I use to analyse the logs?

There are many utilities available to analyze Linux logs. There are also utilities to analyze Snort and Squid logs. Please see the respective project web pages for further information.


Applies to: 1.1, 1.2, 1.3 (all versions)

My ISP is filling my logs with IGMP or PIM packets. How can I stop logging those?

See this in the IPCop add-ons / hacks page. Please read the warning.


Applies to: 1.1, 1.2, 1.3 (all versions)

My log is filling with NetBIOS (port 137) packets. How can I stop logging these?

See this answer in the IPCopAddons page.


Applies to: 1.1, 1.2, 1.3 (all versions)

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest (c) 2003 by me.