Adrian Papari
2002-Jun-23 16:15 UTC
[Shorewall-users] redirecting logs to another-file.log
greetings,

i've recently installed shorewall - everything works fine _except_ the logging; i want to log all the shorewall messages to a sep. log-file (as opposed to logging to /var/log/messages) - now, having scanned through the mailing list archives and the documentation, i added:

kern.info /var/log/messages.shorewall

... in my syslog.conf - but, as someone pointed out on the list, this naturally logs all kern.info messages to messages.shorewall, and hence the question: is there any way of logging _only_ the shorewall logs to messages.shorewall?

thanks in advance,
//adrian papari.

--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/L/P d+ s+: !a C++ UL+ !P L++(+++) E---@ W+ N+ o? K? w--- !O M-- V? !PS !PE !Y !PGP t+++ 5-- X- R-@ tv-->! b+++>++++ DI !D !G !e r? z?
------END GEEK CODE BLOCK------
Adrian Papari wrote:
> greetings,
>
> i've recently installed shorewall - everything works fine _except_ the
> logging; i want to log all the shorewall messages to a sep. log-file (as
> opposed to logging to /var/log/messages) - now, having scanned through the
> mailing list archives and the documentation, i added:
>
> kern.info /var/log/messages.shorewall
>
> ... in my syslog.conf - but, as someone pointed out on the list, this
> naturally logs all kern.info messages to messages.shorewall, and
> hence the question: is there any way of logging _only_ the shorewall logs
> to messages.shorewall?

Syslogd controls all the logging. The standard syslogd provided with Red Hat (and i presume most other distros) does not support application-based logging. Some of the syslogd replacements such as syslog-ng may do so.

Is there really any need to separate 'shorewall' messages (in quotes, because they're actually kernel netfilter messages, not shorewall) from the rest of the kernel? Why not just accept that all kernel messages will appear in one file?

Paul
http://paulgear.webhop.net
Adrian Papari
2002-Jun-24 11:44 UTC
[Shorewall-users] redirecting logs to another-file.log
> > greetings,
> >
> > i've recently installed shorewall - everything works fine _except_ the
> > logging; i want to log all the shorewall messages to a sep. log-file (as
> > opposed to logging to /var/log/messages) - now, having scanned through the
> > mailing list archives and the documentation, i added:
> >
> > kern.info /var/log/messages.shorewall
> >
> > ... in my syslog.conf - but, as someone pointed out on the list, this
> > naturally logs all kern.info messages to messages.shorewall, and
> > hence the question: is there any way of logging _only_ the shorewall logs
> > to messages.shorewall?
>
> Syslogd controls all the logging. The standard syslogd provided with Red Hat
> (and i presume most other distros) does not support application-based
> logging. Some of the syslogd replacements such as syslog-ng may do so.
>
> Is there really any need to separate 'shorewall' messages (in quotes, because
> they're actually kernel netfilter messages, not shorewall) from the rest of
> the kernel? Why not just accept that all kernel messages will appear in one
> file?
>
> Paul
> http://paulgear.webhop.net

well, it's actually not that big a deal - it would however simplify going through the logs; tracking portscans & such, it's more a matter of convenience really.

regards,
//adrian papari.
Adrian Papari wrote:
> ...
>
> > Is there really any need to separate 'shorewall' messages (in quotes, because
> > they're actually kernel netfilter messages, not shorewall) from the rest of
> > the kernel? Why not just accept that all kernel messages will appear in one
> > file?
>
> well, it's actually not that big a deal - it would however simplify
> going through the logs; tracking portscans & such, it's more a matter of
> convenience really.

The most convenient thing would be to write a script that greps for 'Shorewall:' and then summarizes the events. You could start with the CGI script previously published on the mailing list, or maybe the tools at dshield.org might prove helpful. (I've been meaning to investigate them myself - anyone using dshield care to comment?)

Paul
http://paulgear.webhop.net
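The grep-and-summarize script Paul describes, together with the "only the Shorewall lines" selection Adrian originally asked for, as an added Python example (not code from this thread, from Shorewall, or from the CGI script mentioned). It assumes Shorewall's default log prefix layout `Shorewall:<chain>:<disposition>:` followed by the kernel's netfilter `KEY=value` fields; the log excerpt is a constructed sample, and the `scan_threshold` of distinct destination ports is an arbitrary illustration value.

```python
"""Select Shorewall netfilter lines from a syslog file and summarize them.

Added example for the mailing-list thread; not Shorewall's own tooling.
Assumes the default prefix "Shorewall:<chain>:<disposition>:" and the
kernel's netfilter KEY=value fields (SRC=, DST=, PROTO=, DPT=, ...).
"""
import re
from collections import Counter

# Constructed sample of /var/log/messages: four Shorewall lines plus two
# unrelated kernel lines that a plain "kern.info" syslog rule would also send
# to messages.shorewall (Adrian's complaint above).
SAMPLE_LOG = """\
Jun 24 11:40:01 gw kernel: eth0: link up, 100Mbps, full-duplex
Jun 24 11:40:07 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=4321 DPT=22 SYN
Jun 24 11:40:08 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=4322 DPT=23 SYN
Jun 24 11:40:09 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=4323 DPT=80 SYN
Jun 24 11:41:30 gw kernel: Shorewall:net2fw:REJECT:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=UDP SPT=53 DPT=1024
Jun 24 11:42:00 gw kernel: usb 1-1: new full speed USB device
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")


def select_shorewall(lines):
    """Keep only lines carrying the Shorewall prefix: the same selection a
    syslog daemon filter on the string 'Shorewall:' would apply."""
    return [line for line in lines if "Shorewall:" in line]


def parse_event(line):
    """Parse one Shorewall line into a dict, or return None if it is not one."""
    m = PREFIX.search(line)
    if m is None:
        return None
    event = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    # Netfilter emits KEY=value pairs; bare flags such as SYN carry no '='
    # and are simply skipped by the regex.
    event.update(FIELD.findall(m.group("rest")))
    return event


def summarize(text, scan_threshold=3):
    """Count events by disposition and by source address, and list sources
    that hit at least scan_threshold distinct destination ports (a crude
    port-scan indicator; the threshold is an illustrative assumption)."""
    events = [e for e in map(parse_event, select_shorewall(text.splitlines())) if e]
    by_disposition = Counter(e["disposition"] for e in events)
    by_src = Counter(e.get("SRC", "?") for e in events)
    ports_per_src = {}
    for e in events:
        if "SRC" in e and "DPT" in e:
            ports_per_src.setdefault(e["SRC"], set()).add(e["DPT"])
    scanners = sorted(src for src, ports in ports_per_src.items()
                      if len(ports) >= scan_threshold)
    return {
        "events": len(events),
        "by_disposition": dict(by_disposition),
        "by_src": dict(by_src),
        "possible_scanners": scanners,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['events']} Shorewall events")
    for disposition, count in sorted(report["by_disposition"].items()):
        print(f"  {disposition}: {count}")
    for src, count in sorted(report["by_src"].items(), key=lambda kv: -kv[1]):
        print(f"  {src}: {count} events")
    print("possible scanners:", ", ".join(report["possible_scanners"]) or "none")
```

On a live system the script would read /var/log/messages instead of SAMPLE_LOG; the `select_shorewall` step is exactly what a daemon-side filter on the 'Shorewall:' string (for instance syslog-ng's match() filter) would do before the lines ever reach a separate file, so the summary works the same whether or not the logs have been split.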
Adrian Papari
2002-Jun-24 11:58 UTC
[Shorewall-users] redirecting logs to another-file.log
> > ...
> >
> > > Is there really any need to separate 'shorewall' messages (in quotes, because
> > > they're actually kernel netfilter messages, not shorewall) from the rest of
> > > the kernel? Why not just accept that all kernel messages will appear in one
> > > file?
> >
> > well, it's actually not that big a deal - it would however simplify
> > going through the logs; tracking portscans & such, it's more a matter of
> > convenience really.
>
> The most convenient thing would be to write a script that greps for 'Shorewall:'
> and then summarizes the events. You could start with the CGI script previously
> published on the mailing list, or maybe the tools at dshield.org might prove
> helpful. (I've been meaning to investigate them myself - anyone using dshield
> care to comment?)
>
> Paul
> http://paulgear.webhop.net

ok - thanks man; i'll check it out once i get some spare time.

regards,
//adrian papari.