Hi all! Previously I used ipchains on my RH 8.0 box, but have changed to shorewall using iptables. When I used ipchains the logwatch package from RedHat would send me a daily report of all the things that were rejected by the firewall. Now there is nothing reported at all. Is this because the logging output from shorewall is a bit different than redhat stock or should I change something? Thanks and best regards! Remco -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
>From: Remco Barendse <shorewall@barendse.to> >To: shorewall-users@shorewall.net >Subject: [Shorewall-users] RedHat 8.0 LogWatch? >Date: Wed, 13 Nov 2002 07:59:59 +0100 (CET) > >Hi all! > >Previously I used ipchains on my RH 8.0 box, but have changed to shorewall >using iptables. > >When I used ipchains the logwatch package from RedHat would send me a >daily report of all the things that were rejected by the firewall. Now >there is nothing reported at all. > >Is this because the logging output from shorewall is a bit different than >redhat stock or should I change something? > >Thanks and best regards! >Remco >Shorewall uses syslog to log events. Look at /etc/syslog.conf and kern.* specifically. This should show you where the kernel messages are logged and these will contain the info on what has been dropped or rejected. If you want to log the accepted connections, you''ll have to specify this in the rules file and the appropriate rule _________________________________________________________________ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Remco, This is from http://www.shorewall.net/FAQ.htm#faq6a . 6a. Are there any log parsers that work with Shorewall? Answer: Here are several links that may be helpful: http://www.shorewall.net/pub/shorewall/parsefw/ http://www.fireparse.com http://cert.uni-stuttgart.de/projects/fwlogwatch http://www.logwatch.org I personally use Fwlogwatch. Hope this helps Mike -----Original Message----- From: Remco Barendse [mailto:shorewall@barendse.to] Sent: Wednesday, November 13, 2002 1:00 AM To: shorewall-users@shorewall.net Subject: [Shorewall-users] RedHat 8.0 LogWatch? Hi all! Previously I used ipchains on my RH 8.0 box, but have changed to shorewall using iptables. When I used ipchains the logwatch package from RedHat would send me a daily report of all the things that were rejected by the firewall. Now there is nothing reported at all. Is this because the logging output from shorewall is a bit different than redhat stock or should I change something? Thanks and best regards! Remco -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Shorewall-users mailing list Shorewall-users@shorewall.net http://www.shorewall.net/mailman/listinfo/shorewall-users