Bulgrien, Kevin
2005-May-31 18:51 UTC
ULOG logging may fail on some ulogd/logrotate configurations
FYI.
I have not been able to determine 100% that logrotate does this, but ulogd
appears to stop logging whenever logrotate runs. So far, the only obvious
commonality that I see is that logrotate ran and that the
/var/log/ulogd/ulogd.syslogemu is completely empty until I restart ulogd.
I have proven that the logging is broken by manually performing a network
operation that Shorewall normally logs. When ulogd is broken and logrotate
has run, nothing is entered into the ulogd.syslogemu file, but when ulogd
is restarted, the operation does get entered into the ulogd.syslogemu file.
I make no changes to Shorewall whatsoever.
I observe this on a Mandrake 10.1 install:
shorewall-2.0.8-1.1.101mdk
ulogd-1.02-2mdk
/etc/logrotate.d/ulogd contains:
    /var/log/ulogd/ulogd.log /var/log/ulogd/ulogd.syslogemu
    /var/log/ulogd/ulogd.pktlog /var/log/ulogd/ulogd.pcap {
        missingok
        sharedscripts
        postrotate
            /bin/killall -HUP ulogd 2> /dev/null || true
        endscript
    }
I am not sure what to do to fix it properly, but at the moment, I have to
restart ulogd to resume placing of shorewall content into the log file:
# service ulogd restart
By using ULOG logging, I lose shorewall logging after logrotate runs. It
is not a shorewall problem, but people probably ought to know. I wanted
to use ulogd so that the firewall logs would not be mixed in with the
other system logs.
If anyone happens to have ulogd/logrotate set up and working fine with
Shorewall, I would be happy to see how logrotate is set up in that case,
but I recognize that this is not really the place to be asking for ulogd
and logrotate help.
---
Kevin R. Bulgrien
Product Engineer
General Dynamics C4 Systems http://www.tripointglobal.com/
VertexRSI
1915 Harrison Road Tel: 903-295-1480 x288
Longview, TX 75604-5438 Fax: 903-295-1479
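
Added example, not part of the original post: a shell check for one possible explanation of the symptom described above, namely that after rotation the daemon's open descriptor still points at the rotated file rather than the file now at the log path. The function name log_handle_state is hypothetical; it assumes Linux /proc and a stat that supports -c, and needs root to inspect a root-owned daemon.

```shell
#!/bin/sh
# Added diagnostic, not code from the original post or from ulogd/logrotate.
# Assumptions: Linux /proc, stat with -c (GNU coreutils or busybox).
#
# log_handle_state PID PATH
#   prints "current"        and returns 0 if PID has the file now at PATH open
#   prints "stale: <files>" and returns 1 if it does not; <files> lists what
#                           PID still holds open in PATH's directory
#   returns 2 if PATH does not exist
#
# Usage (as root), with the paths from the post:
#   log_handle_state "$(pidof ulogd)" /var/log/ulogd/ulogd.syslogemu
log_handle_state() {
    local pid=$1 path=$2 want dir fd target held=

    # Device:inode identifies the file regardless of its current name.
    want=$(stat -L -c '%d:%i' -- "$path") || return 2
    # Physical directory, so it compares cleanly with /proc link targets.
    dir=$(cd -- "$(dirname -- "$path")" && pwd -P) || return 2

    for fd in /proc/"$pid"/fd/*; do
        # stat -L follows the /proc link to the open file itself, which
        # works even after that file has been renamed or unlinked.
        if [ "$(stat -L -c '%d:%i' -- "$fd" 2>/dev/null)" = "$want" ]; then
            echo current
            return 0
        fi
        # Remember descriptors that point into the log directory: after a
        # rename they show the rotated name, after unlink "(deleted)".
        target=$(readlink -- "$fd" 2>/dev/null)
        case $target in
            "$dir"/*) held="$held $target" ;;
        esac
    done

    echo "stale:$held"
    return 1
}
```

A "stale" result right after logrotate has run means new log lines are going to the rotated file (or to an unlinked one), which matches an empty file at the configured path; a "current" result rules that explanation out.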
