Hi Could someone please help me clarify the logging mechanism between Shorewall and syslog-ng? I''ve read the FAQ but I didn''t find any appropriate information. I cannot see that Shorewall logs via facility "kern". Nothing appears in /var/log/kern.log. I''ve installed both (GNU/Debian) packages "out-of-the-box". In Shorewall, logging is set to (not changed by me): LOGFILE="/var/log/messages" Well, NO logging is done in that file by Shorewall. All logging is done on the console! Nothing in /var/log/messages. I''ve tried to switch "console" to something else in syslog-ng but logging still comes on the console. Thanks in advance John
On Mon, 24 Mar 2003, John Plate wrote:> Hi > > Could someone please help me clarify the logging mechanism between > Shorewall and syslog-ng? >I can''t == I''ve never used syslog-ng. Everything I know about Shorewall logging is contained in: a) http://www.shorewall.net/shorewall_logging.html b) http://www.shorewall.net/FAQ.htm -- FAQs 6,6a,tb,tc,6d,16,17 and 21. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net
Hi John,> Could someone please help me clarify the logging mechanism between > Shorewall and syslog-ng? > > I''ve read the FAQ but I didn''t find any appropriate information. I > cannot see that Shorewall logs via facility "kern". Nothing appears in > /var/log/kern.log. > > I''ve installed both (GNU/Debian) packages "out-of-the-box". In > Shorewall, logging is set to (not changed by me): > > LOGFILE="/var/log/messages" > > Well, NO logging is done in that file by Shorewall. All logging is > done on the console! Nothing in /var/log/messages.You''re probably not getting any kernel logging, rather than it being specifically shorewall. Somewhere in your syslog-ng.conf file you probably have a line like: source sys { unix-stream ("/dev/log"); internal(); }; Try changing it to: source sys { unix-dgram ("/dev/log"); internal(); };> I''ve tried to switch "console" to something else in syslog-ng but > logging still comes on the console.I think the logging to the console is actually being done by klogd. If that doesn''t help, I''d recommend posting your question on the syslog-ng mailing list. Paul
Hi Tom Eastep> > Could someone please help me clarify the logging mechanism between > > Shorewall and syslog-ng? > > I can''t == I''ve never used syslog-ng. Everything I know about Shorewall > logging is contained in: > > a) http://www.shorewall.net/shorewall_logging.html > b) http://www.shorewall.net/FAQ.htm -- FAQs 6,6a,tb,tc,6d,16,17 and 21.Thanks a lot. Your answer in fact helped me search in another direction. I found out that klogd should have an option when started. On my Debian system I changed (in /etc/init.d/klogd) the line KLOGD="" to KLOGD="-c 3" and that fixed the problem. John