Hi,

I've just recently switched off my (lame) hardware firewall onto an old box running linux 2.4.18, iptables 1.2.6 and shorewall 1.2.9. I'm kinda new to linux firewalling myself but so far Shorewall has taken much work from me.

While reading myself into iptables I saw that just recently something called ULOG (userspace logging) has been implemented in newer kernels and iptables. I'd be very interested to use ULOG in combination with shorewall as the firewall box only has about 20megs free space for logging (and didn't like my hdupgrade attempts either). If I could have iptables put the logs into separate files (or into an external mysql db) rather than into the main syslog, I'd have much less regular cleaning to do.

Would it be possible to add support for ulog(ging) into shorewall? Or can it be done in 1.2.9 already?

Thank you for your time.

 ( o>
 ///\
_\V_/_____________________________
[Sam]<mailto:xplo@xplo.org>
http://www.xplo.org/

* "C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do, it blows away your whole leg." *

It would be possible to support ULOG but it's not there yet.

-Tom

----- Original Message -----
From: "Samuel Graenacher" <xplo@xplo.org>
To: <shorewall-users@shorewall.net>
Sent: Sunday, March 17, 2002 7:42 AM
Subject: [Shorewall-users] ulog support in shorewall?

> and iptables. I'd be very interested to use ULOG in combination with
> shorewall as the firewall box only has about 20megs free space for
> logging (and didn't like my hdupgrade attempts either). If I could
> have iptables put the logs into separate files (or into an external
> mysql db) rather than into the main syslog, I'd have much less
> regular cleaning to do.

If you're low on disk space, why not set up a dedicated logging host? You can configure syslog to send all its messages to syslog running on a remote host. Not only would this allow you to save space on your firewall, but it makes it harder for a cracker to cover his tracks if he compromises your firewall.

Cheers,
Scott