Hi!

Shorewall is not logging anything. Even if I do a portscan.

What might be the source of the problem; on all other hosts it is working just fine.

Thanks in advance,
Christian

On Tue, 23 Apr 2002, Christian Lox wrote:

> Hi!
>
> Shorewall is not logging anything.
> Even if I do a portscan.

Just to clarify, Shorewall NEVER logs anything -- it rather instructs Netfilter what to log.

> What might be the source of the problem; on all other hosts it is
> working just fine.

Does 'dmesg' show the 'Shorewall' log messages? If so, it is a problem with your syslogd configuration. If dmesg shows nothing also, how do you have LOGBURST and LOGRATE set?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

On Mon, 22 Apr 2002, I wrote:

> Just to clarify, Shorewall NEVER logs anything -- it rather instructs
> Netfilter what to log.

Well - not quite true. Shorewall does call 'logger' when it is started, stopped, restarted, or refreshed.

-Tom

Tom Eastep wrote:

> On Tue, 23 Apr 2002, Christian Lox wrote:
>
>> Hi!
>>
>> Shorewall is not logging anything.

[...]

> Does 'dmesg' show the 'Shorewall' log messages? If so, it is a problem

Hm, dmesg shows the messages from boot and nothing else.

> with your syslogd configuration. If dmesg shows nothing also, how do you

Just checked syslogd.conf and dmesg on another host. These are both SuSE 7.2 machines and the syslog configuration is exactly the same. The other machine does log as expected. Strange.

> have LOGBURST and LOGRATE set?

Both are empty. I actually did set them to 10/hour and 5 but changed rather soon. After change I did a shorewall stop && shorewall start

Christian

On Tue, 23 Apr 2002, Christian Lox wrote:

> Tom Eastep wrote:
>
> > On Tue, 23 Apr 2002, Christian Lox wrote:
> >
> >> Hi!
> >>
> >> Shorewall is not logging anything.
>
> [...]
>
> > Does 'dmesg' show the 'Shorewall' log messages? If so, it is a problem
>
> Hm, dmesg shows the messages from boot and nothing else.

Are the message and byte counts for Netfilter rules with the LOG target being incremented?

I haven't seen a problem like this on the 2.4 kernels - they were rather frequent under 2.2.

-Tom

Tom Eastep wrote:

[...]

>> Hm, dmesg shows the messages from boot and nothing else.
>
> Are the message and byte counts for Netfilter rules with the LOG target
> being incremented?

Where can I check this?

Thanks for your help so far. Kernel is a freshly installed 2.4.18.

Christian

On Tue, 23 Apr 2002, Christian Lox wrote:

> Tom Eastep wrote:
>
> [...]
>
> >> Hm, dmesg shows the messages from boot and nothing else.
> >
> > Are the message and byte counts for Netfilter rules with the LOG target
> > being incremented?
>
> Where can I check this?

shorewall status

-Tom

Tom Eastep wrote:

> On Tue, 23 Apr 2002, Christian Lox wrote:
>
>> Tom Eastep wrote:
>>
>> [...]
>>
>>>> Hm, dmesg shows the messages from boot and nothing else.
>>>
>>> Are the message and byte counts for Netfilter rules with the LOG target
>>> being incremented?
>>
>> Where can I check this?
>
> shorewall status

So I do look at the lines which do have target LOG, right? The first two columns (pkts bytes) there always seem to be 0.

Christian
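
An added example, not part of the original thread: the counter check discussed above, done by filtering the rule listing for LOG targets and reading the pkts and bytes columns. The function names and the sample listing are constructed here; the listing assumes the column layout of `iptables -L -n -v`.

```shell
#!/bin/sh
# Constructed sample in the layout of `iptables -L -n -v` (not output from the thread).
sample_status() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  112  9408 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 net2all    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain net2all (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (1 references)
 pkts bytes target     prot opt in     out     source               destination
    7   420 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    7   420 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Read a rule listing on stdin and print "chain pkts bytes" for every rule
# whose target column is LOG. The chain name comes from the last "Chain" line.
log_rule_counters() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $3 == "LOG"   { print chain, $1, $2 }
    '
}

# Number of LOG rules whose packet counter is still zero, i.e. rules that
# no packet has matched since the counters were last reset.
count_idle_log_rules() {
    log_rule_counters | awk '$2 == "0" { n++ } END { print n + 0 }'
}

# Stand-alone run on the constructed sample.
sample_status | log_rule_counters
echo "idle LOG rules: $(sample_status | count_idle_log_rules)"
```

On a live host, pipe the output of `shorewall status` or `iptables -L -n -v` into `log_rule_counters` instead of the sample.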