Hi, I'm struggling to figure out how/where to implement a rule triggering "LOGMARK" output?

From grepping the code it looks like I can raise the priority of all logging in shorewall.conf to be "LOGMARK", but it seems that you need both LOG and LOGMARK output to do anything useful? I can't get my head around the rest of the code to see how else it can be used, but it definitely looks like I can do more?

Can someone please help me out with an example LOGMARK line, presumably in "rules"?

The intent is to debug my tcrules and so I really need to be able to target LOGMARK rules in the chains of my choice and matching only certain packets. Currently doing it by hand, but would be great if there was a shorewall supported method?

Shorewall 4.4.20.3

Many thanks!

Ed W

Pretty please - an example?

Thanks

Ed W

On 15/07/2011 19:29, Ed W wrote:
> Hi, I'm struggling to figure out how/where to implement a rule
> triggering "LOGMARK" output?
>
> From grepping the code it looks like I can raise the priority of all
> logging in shorewall.conf to be "LOGMARK", but it seems that you need
> both LOG and LOGMARK output to do anything useful? I can't get my head
> around the rest of the code to see how else it can be used, but it
> definitely looks like I can do more?
>
> Can someone please help me out with an example LOGMARK line, presumably
> in "rules"?
>
> The intent is to debug my tcrules and so I really need to be able to
> target LOGMARK rules in the chains of my choice and matching only
> certain packets. Currently doing it by hand, but would be great if
> there was a shorewall supported method?
>
> Shorewall 4.4.20.3
>
> Many thanks!
>
> Ed W

LOGMARK is simply a log level, just like 'info' or 'NFLOG'. You use it any place that a log level may be used. If you simply want to log a packet

    LOG:LOGMARK <source zone> <dest zone> ...

in the rules file.

-Tom

On Tue, 2011-07-19 at 09:00 +0100, Ed W wrote:
> Pretty please - an example?
>
> Thanks
>
> Ed W

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Tue, 2011-07-19 at 06:09 -0700, Tom Eastep wrote:
> LOGMARK is simply a log level, just like 'info' or 'NFLOG'. You use it
> any place that a log level may be used. If you simply want to log a
> packet
>
> LOG:LOGMARK <source zone> <dest zone> ...
>
> in the rules file.

Hmmm -- it seems that the LOGMARK target is broken.

I'll work on a fix.

-Tom

On Tue, 2011-07-19 at 06:34 -0700, Tom Eastep wrote:
> On Tue, 2011-07-19 at 06:09 -0700, Tom Eastep wrote:
> > LOGMARK is simply a log level, just like 'info' or 'NFLOG'. You use it
> > any place that a log level may be used. If you simply want to log a
> > packet
> >
> > LOG:LOGMARK <source zone> <dest zone> ...
> >
> > in the rules file.
>
> Hmmm -- it seems that the LOGMARK target is broken.
>
> I'll work on a fix.

A patch is attached. To apply:

a) Save the attachment (LOGMARK.patch)
b) cd /usr/share/shorewall/Shorewall/ (assuming that's where your distribution installs the Shorewall Perl modules)
c) patch < path/to/LOGMARK.patch

The patch applies (with offsets) back to at least Shorewall 4.4.11.

The syntax for invoking LOGMARK is:

    LOGMARK(<priority>)

where <priority> is a syslog priority (values 0-7, or debug, info, notice, etc.).

Example rule:

    LOG:LOGMARK(info) lan dmz udp 1234

-Tom