Hi,

I am having a problem with logging. Here's the situation. I'm
running 1.3.12 on debian. If I run dmesg, it shows me the packets that
are getting logged, but these packets aren't showing up in ANY file in
/var/log/*. Shorewall show log doesn't see it (since it's not logging
to a log file). I've looked at my syslog.conf file but can't see
anything wrong with it. It is below, see if you can see anything wrong
with it please.

Thanks.

# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
local2.* -/var/log/ppp.log

--On Sunday, December 29, 2002 12:38:50 PM -0500 Jason <jason@basketclothes.com> wrote:

> Hi,
> I am having a problem with logging. Here's the situation. I'm
> running 1.3.12 on debian. If I run dmesg, it shows me the packets that
> are getting logged, but these packets aren't showing up in ANY file in
> /var/log/*. Shorewall show log doesn't see it (since it's not logging
> to a log file). I've looked at my syslog.conf file but can't see
> anything wrong with it. It is below, see if you can see anything wrong
> with it please.
>

I don't see anything wrong with it assuming that:

a) syslogd is running; and
b) The files /var/log/syslog and /var/log/kern.log exist.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

That's what I thought too. But still the packets are only being seen
when I run dmesg. They won't get logged to anything. It was working on
December 20. Now I just noticed that I haven't been getting any hits so
I investigated and am not sure why it won't log anymore.

Any other ideas?

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Sunday, December 29, 2002 12:48 PM
To: Jason; shorewall-users@shorewall.net
Subject: Re: [Shorewall-users] Logging problem...

--On Sunday, December 29, 2002 3:18 PM -0500 Jason <jason@basketclothes.com> wrote:

> That's what I thought too. But still the packets are only being seen
> when I run dmesg. They won't get logged to anything. It was working on
> December 20. Now I just noticed that I haven't been getting any hits so
> I investigated and am not sure why it won't log anymore.
>
> Any other ideas?
>

Your /var partition isn't full is it?

-Tom

Nope. Is there any way to generate a 'test' syslog (one that would be
like what iptables would generate) to see if it is even getting the
test ?

-- Jason

-----Original Message-----
From: shorewall-users-bounces@shorewall.net [mailto:shorewall-users-bounces@shorewall.net] On Behalf Of Tom Eastep
Sent: Sunday, December 29, 2002 3:35 PM
To: shorewall-users@shorewall.net
Subject: RE: [Shorewall-users] Logging problem...

--On Sunday, December 29, 2002 6:40 PM -0500 Jason <jason@basketclothes.com> wrote:

> Nope. Is there any way to generate a 'test' syslog (one that would be
> like what iptables would generate) to see if it is even getting the test
> ?
>

Not that I'm aware of.

-Tom

--On Sunday, December 29, 2002 3:41 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:

> --On Sunday, December 29, 2002 6:40 PM -0500 Jason
> <jason@basketclothes.com> wrote:
>
>> Nope. Is there any way to generate a 'test' syslog (one that would be
>> like what iptables would generate) to see if it is even getting the test
>> ?
>>
>
> Not that I'm aware of.

You CAN generate a log message with facility=kern and priority=info using:

    logger -p kern.info "Foo Bar"

but that uses a mechisim totally separate from what the kernel does.

-Tom

--On Sunday, December 29, 2002 3:47 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:

> but that uses a mechisim totally separate from what the kernel does.

I need to hire a proof-reader (or a typist) -- "mechism" should be
"mechanism"...

-Tom

That works. Still can't get the shorewall/iptables logging to work.
I'm recompiling my kernel again. Went through it and changed some
things, not sure if it will help or not. Will let you know later on.

-- Jason

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Sunday, December 29, 2002 6:48 PM
To: Jason; shorewall-users@shorewall.net
Subject: Re: [OT] RE: [Shorewall-users] Logging problem...

--On Sunday, December 29, 2002 7:14 PM -0500 Jason <jason@basketclothes.com> wrote:

> That works. Still can't get the shorewall/iptables logging to work.
> I'm recompiling my kernel again. Went through it and changed some
> things, not sure if it will help or not. Will let you know later on.
>

I would look first at klogd rather than the kernel -- there have been
problems with that program in the past that have exhibited these
symptoms.

-Tom

OK Tom. Whatever I did fixed the logging problem. ;) Please see my next
thread as I have another problem (had it, just worked around it).

Thanks
Jason

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Sunday, December 29, 2002 7:16 PM
To: Jason; shorewall-users@shorewall.net
Subject: RE: [OT] RE: [Shorewall-users] Logging problem...

Have you checked with dmesg?

For some reason not all of the REJECTS seem to make it to syslog on my
box either. But when I look using the dmesg command I can see all the
messages from shorewall properly.

On Sun, 29 Dec 2002, Jason wrote:

> Nope. Is there any way to generate a 'test' syslog (one that would be
> like what iptables would generate) to see if it is even getting the test
> ?
>
> -- Jason

--On Tuesday, December 31, 2002 1:55 PM +0100 Remco Barendse <shorewall@barendse.to> wrote:

> Have you checked with dmesg?
>
> For some reason not all of the REJECTS seem to make it to syslog on my
> box either. But when I look using the dmesg command I can see all the
> messages from shorewall properly.
>

Problems of this sort usually indicate a broken klogd. Unless you're
running Bering and are short on FD space, I recommend upgrading to
Shorewall 1.3.12 and using the ULOG facility. It avoids all of these
syslog-related annoyances and you end up with a log that contains ONLY
netfilter messages.

-Tom
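
Added example, not part of the original thread and not Shorewall or sysklogd code: a small evaluator for the selector rules in the syslog.conf posted above, showing which files a kern.info message (the level used in the logger test) should reach. It assumes the selector semantics described in syslog.conf(5) for sysklogd, does not handle the "!" negation prefix (unused in the posted file), and the function names are hypothetical.

```python
import re

# Constructed from the syslog.conf posted in this thread; some per-facility lines trimmed.
POSTED_CONF = r"""
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
mail.* -/var/log/mail.log
*.=debug;\
 auth,authpriv.none;\
 news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
 auth,authpriv.none;\
 cron,daemon.none;\
 mail,news.none -/var/log/messages
*.emerg *
"""

# syslog severities: lower number = more severe; "*" accepts every level.
SEV = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
       "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7, "*": 7}

def parse_rules(text):
    """Join backslash continuations, skip comments, yield (selector, action)."""
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            yield selector, action.lstrip("-")  # "-" only means "don't sync"

def selects(selector, facility, priority):
    """Evaluate one selector field left to right (assumed sysklogd semantics)."""
    hit = False
    for part in selector.split(";"):
        facs, _, prio = part.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":
            hit = False  # a later "none" cancels earlier matches
        elif prio.startswith("="):
            hit = hit or SEV[prio[1:]] == SEV[priority]  # exactly this level
        else:
            hit = hit or SEV[priority] <= SEV[prio]  # this level or more severe
    return hit

def destinations(facility, priority, conf=POSTED_CONF):
    """Return every action the config selects for facility.priority."""
    return [a for s, a in parse_rules(conf) if selects(s, facility, priority)]
```

For kern.info the result is /var/log/syslog, /var/log/kern.log and /var/log/messages, so a message visible only in dmesg was never handed to syslogd, which points at the klogd side rather than at this file.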