LinuxQuestions.org
SUSE / openSUSE This Forum is for the discussion of Suse Linux.

Old 10-29-2004, 09:35 PM   #1
oily_rags
Member
 
Registered: Sep 2004
Posts: 128

Rep: Reputation: 15
susefirewall2 and seeing intruders


My friend claims he hacked me, as a joke. I don't know if he's serious or not, but it got me thinking; I never considered looking at the firewall logs before.
I checked them out, but I'm not sure which ones are actually the firewall logs, and in the logs, what do I look for that indicates an attack or someone probing my machine?
I am not sure, and it would be good to know this information. I am using SUSE 9.1. Thanks
 
Old 10-31-2004, 12:00 AM   #2
m_shroom
Member
 
Registered: Oct 2004
Location: Queen Charlotte B. C. Canada
Distribution: openSUSE 11.1
Posts: 42

Rep: Reputation: 15
Are you running Susefirewall2 with all its default settings, and have you selected the correct external interface?
--- If yes, your friend is pulling your leg unless you have an internal wireless LAN.
-- else post your firewall settings

Firewall logs can be found in "/var/log/messages", but without extra logging turned on there may be nothing there to find.

With an always-on connection:
Logging all dropped packets will generate at least 500 lines a day, sometimes many 1000's, depending on virus & worm activity.
Logging all packets will generate all of the above + your activity + whatever (in short, it will log everything to and from).

I run with "Log all dropped packets" and forward my logs to http://www.dshield.org/ in an effort to clean up the net.
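
Added example (not part of any post in this thread): one way to turn the dropped-packet lines that end up in /var/log/messages into a per-source summary that shows who is probing the machine and on how many ports. The log prefix, host name and addresses in the sample are constructed assumptions; the code relies only on the KEY=value fields that the netfilter LOG target writes.

```python
import re
from collections import defaultdict

# Constructed sample in netfilter LOG format. The "SFW2-INext-DROP-DEFLT" prefix,
# host name and RFC 5737 documentation addresses are assumptions, not real data.
SAMPLE_LOG = """\
Oct 31 10:01:02 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=110 PROTO=TCP SPT=4021 DPT=135 SYN
Oct 31 10:01:02 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=110 PROTO=TCP SPT=4022 DPT=139 SYN
Oct 31 10:01:03 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=110 PROTO=TCP SPT=4023 DPT=445 SYN
Oct 31 10:01:03 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=110 PROTO=TCP SPT=4024 DPT=1433 SYN
Oct 31 10:04:11 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=48 TTL=112 PROTO=TCP SPT=1190 DPT=445 SYN
Oct 31 10:04:14 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=48 TTL=112 PROTO=TCP SPT=1190 DPT=445 SYN
Oct 31 10:04:20 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=84 TTL=112 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Oct 31 10:05:00 linux sshd[812]: Accepted password for user from 192.0.2.50
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_drop(line):
    """Return the KEY=value fields of a dropped-packet line, or None."""
    if "kernel:" not in line or "DROP" not in line:
        return None  # not a firewall drop entry (e.g. sshd, cron)
    fields = dict(FIELD.findall(line))
    return fields if "SRC" in fields and "PROTO" in fields else None

def summarize(log_text):
    """Map source IP -> {'packets': n, 'ports': set of (proto, dport)}."""
    stats = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in log_text.splitlines():
        f = parse_drop(line)
        if f is None:
            continue
        entry = stats[f["SRC"]]
        entry["packets"] += 1
        if "DPT" in f:  # ICMP entries carry no destination port
            entry["ports"].add((f["PROTO"], int(f["DPT"])))
    return dict(stats)

def likely_scanners(stats, min_ports=4):
    """Sources that probed at least min_ports distinct ports (threshold is arbitrary)."""
    return sorted(ip for ip, s in stats.items() if len(s["ports"]) >= min_ports)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, s in sorted(stats.items(), key=lambda kv: -kv[1]["packets"]):
        print(f"{ip:15} {s['packets']:3} dropped, {len(s['ports'])} distinct ports")
    print("possible port scans:", likely_scanners(stats))
```

To use it on a real system, pass the contents of the log file to `summarize()` instead of `SAMPLE_LOG`; reading /var/log/messages normally requires root.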
 
Old 10-31-2004, 10:59 AM   #3
oily_rags
Member
 
Registered: Sep 2004
Posts: 128

Original Poster
Rep: Reputation: 15
Thanks for the info, m_shroom. I do have the firewall set on its default settings. In your opinion, is it a good firewall? I know this is subjective, but I was wondering what your opinion is; I see very little discussion on this firewall. I've got no internal network running, so that makes me less vulnerable? Anyhow, thanks for the response.
 
Old 10-31-2004, 09:12 PM   #4
m_shroom
Member
 
Registered: Oct 2004
Location: Queen Charlotte B. C. Canada
Distribution: openSUSE 11.1
Posts: 42

Rep: Reputation: 15
If you have downloaded and installed all of the security updates from SuSE (on-line update), your system would be very hard to hack. With Susefirewall2 running in its default configuration (all ports closed or hidden), it's all but impossible to hack over the net.
 
Old 11-01-2004, 02:11 PM   #5
Sabicas
Member
 
Registered: Aug 2004
Distribution: Slackware 10
Posts: 110

Rep: Reputation: 15
Yeah, SuSE firewall's actually pretty good. The logging issue bothered me though. If you read through your root mail (either after install or after a SuSE firewall update, I can't remember, it's been a while), you'll find that they opted to turn firewall syslog off.

The mail will instruct you on how to edit the syslog file and what to do to turn the firewall log back on.

I posted a how-to on this issue a while ago on this site; if you search you'll probably find it.

Is your friend running Windows?
 
Old 11-01-2004, 03:27 PM   #6
oily_rags
Member
 
Registered: Sep 2004
Posts: 128

Original Poster
Rep: Reputation: 15
Yeah, he's running Windows. I'm pretty confident that SUSE is hard to crack, but still, I used to use Sygate firewall in Windows and I liked its alerts; it showed graphically and in logs if people were doing port scans and whatnot, if there were major intrusions.
 
Old 11-01-2004, 07:21 PM   #7
Adler
Member
 
Registered: Oct 2004
Location: Wildwood, NJ
Distribution: Debian Jessie
Posts: 192

Rep: Reputation: 18
Is there a GUI out there that can be launched in Linux?

I have the usual set of GUIs for f-prot (my virus scanner), Synaptic (my Suse apt-get updater), etc.

I think the idea boils down to showing some type of "real-time" intrusion detection that can alert someone that he has just been "attacked / hacked".
 
Old 12-28-2004, 02:33 PM   #8
oily_rags
Member
 
Registered: Sep 2004
Posts: 128

Original Poster
Rep: Reputation: 15
Exactly, I was hoping that I could have a graph showing intrusion attempts running in the taskbar that I can go to, instead of having to comb through logs at some later date. If someone is hammering my PC with intrusion attempts, I want to know about it and where the IP is coming from.
 
Old 01-04-2005, 02:13 AM   #9
gbj
Member
 
Registered: Jul 2003
Posts: 142

Rep: Reputation: 15
So has anyone found a real-time intrusion detection software that runs well on suse, preferably with a nice gui? It would be nice to know if some script kiddie is trying to hack his way into the system...
 
Old 01-27-2005, 09:50 AM   #10
69_rs_ss
Member
 
Registered: Jan 2004
Location: NY, USA
Distribution: Arch, openSUSE 11.1
Posts: 170

Rep: Reputation: 31
Check out Snort which is a realtime IDS that can be used in conjunction with MySQL, Apache and PHP.
 
Old 12-14-2005, 07:25 PM   #11
mazinoz
Member
 
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Rep: Reputation: 35
Also look at tripwire
 
Old 12-15-2005, 06:05 PM   #12
fragos
Senior Member
 
Registered: May 2004
Location: Fresno CA USA
Distribution: Ubuntu 10.10
Posts: 1,466

Rep: Reputation: 51
Windows user hacking into a Linux system smells pretty fishy to me.
 
Old 12-17-2005, 12:22 AM   #13
crazibri
Member
 
Registered: Mar 2004
Location: Orange County, CA
Distribution: OS X, SuSE, RH, Debian, XP
Posts: 377

Rep: Reputation: 31
Yeah smells fishy to me too.

If anything use your Synaptic to find Nessus. I'm sure if you use Nessus and set it up right, you can scan your friend and tell him what's wrong with his Windows machine
 
  

