Hi All,

I need to be able to make sense from my shorewall logs.

I have installed logwatch and it is mailing me reports but the level of
detail is just not there. I have set the detail variable to High=10 but
I get entries only from the DNS service about denied updates. What am I
getting wrong? Tom, will you be kind enough to send me your logwatch
config files?

Thanks in advance.

Ama

On Tue, 2003-11-18 at 01:13, Ama Kalu wrote:
> Hi All,
>
> I need to be able to make sense from my shorewall logs.
>
> I have installed logwatch and it is mailing me reports but the level of
> detail is just not there. I have set the detail variable to High=10 but
> I get entries only from the DNS service about denied updates. What am I
> getting wrong? Tom, will you be kind enough to send me your logwatch
> config files?

a) Where are you logging Shorewall messages?
b) Are you seeing "Shorewall" messages in that log?
c) Logwatch is incompatible with ULOG logging, so if you want to use
   Logwatch, you must use syslog.
d) If you log to one of the files that Logwatch processes (usually
   /var/log/messages), Logwatch right out of the can "just works".

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net

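Checks (a) through (c) from the reply above as a script; this is an added example, not part of any message in the thread. The function names, the "Shorewall:" log prefix and the choice of config files to scan (policy, rules, shorewall.conf) are assumptions to adjust locally.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: log lines carry the
# "Shorewall:" prefix and log levels are set in policy, rules or shorewall.conf.

# (a)/(b): number of Shorewall lines in a file that Logwatch processes.
count_shorewall_lines() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c 'Shorewall:' "$1" || true   # grep -c exits 1 on zero matches
}

# (c): true if any non-comment config line uses the ULOG log level.
uses_ulog() {
    for f in "$1"/policy "$1"/rules "$1"/shorewall.conf; do
        [ -r "$f" ] || continue
        if grep -v '^[[:space:]]*#' "$f" | grep -qw 'ULOG'; then
            return 0
        fi
    done
    return 1
}

# Verdict for one log file ($1) and one Shorewall config directory ($2).
diagnose() {
    n=$(count_shorewall_lines "$1")
    if uses_ulog "$2"; then
        echo "ulog"          # packets go to ulogd; syslog-based Logwatch misses them
    elif [ "$n" -eq 0 ]; then
        echo "no-messages"   # syslog level set, but nothing from Shorewall in this file
    else
        echo "ok:$n"         # Logwatch has Shorewall lines to report on
    fi
}

# Demo on constructed input (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
demo() {
    d=$(mktemp -d)
    mkdir "$d/sw"
    printf '%s\n' \
        'Nov 18 01:13:00 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.1 PROTO=TCP SPT=1025 DPT=135' \
        'Nov 18 01:13:02 gw named[411]: denied update from [192.0.2.9].1030' > "$d/messages"
    printf '%s\n' '# net all DROP ULOG' 'net all DROP info' > "$d/sw/policy"
    diagnose "$d/messages" "$d/sw"
    rm -rf "$d"
}

if [ $# -eq 2 ]; then diagnose "$1" "$2"; else demo; fi
```

Run it with the log file and the Shorewall config directory as arguments, for example `/var/log/messages` and `/etc/shorewall`.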
Hello Ama,

Tuesday, November 18, 2003, 11:13:57 AM, you wrote:

AK> Hi All,
AK> I need to be able to make sense from my shorewall logs.
AK> I have installed logwatch and it is mailing me reports but the level of
AK> detail is just not there. I have set the detail variable to High=10 but
AK> I get entries only from the DNS service about denied updates. What am I
AK> getting wrong? Tom, will you be kind enough to send me your logwatch
AK> config files?
AK> Thanks in advance.
AK> Ama
AK> _______________________________________________
AK> Shorewall-users mailing list
AK> Post: Shorewall-users@lists.shorewall.net
AK> Subscribe/Unsubscribe:
AK> https://lists.shorewall.net/mailman/listinfo/shorewall-users
AK> Support: http://www.shorewall.net/support.htm
AK> FAQ: http://www.shorewall.net/FAQ.htm

Just apply this patch for /etc/log.d/scripts/services/kernel (RedHat)

-----------------------
--- kernel.orig Tue Nov 18 17:30:11 2003 +++ kernel Tue Nov 18 17:30:21 2003 @@ -123,7 +123,7 @@ $ipt{$actionType}{$if}{$fromip}{$toip}{$toport}{$proto}{"$chain,$if"}++; } # IPTABLES - elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest,$ref) = ($ThisLine =~ /^(.*?)\s*IN=(\w*).*?OUT=(\w*).*?SRC=([\d|\.]+).*?DST=([\d|\.]+).*?PROTO=(\w+)([^\[]*)(.*)/ )) { + elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest,$ref) = ($ThisLine =~ /^(.*?)IN=(\w*).*?OUT=(\w*).*?SRC=([\d|\.]+).*?DST=([\d|\.]+).*?PROTO=(\w+)([^\[]*)(.*)/ )) { # we ignore the reference to a previous packet $ref = "";
-----------------------

--
Best regards,
Andrew Zhoglo
mailto:azh@tut.by

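Review bot: On the replacement elsif line, removing \s* ahead of IN= changes only what lands in $chain: the lazy (.*?) now keeps any whitespace that precedes IN=, while single-line input that matched the old pattern still matches and nothing new matches. If later code compares or groups on $chain, a prefix logged with a trailing space would be counted as a different chain from the same prefix without one, so either strip trailing whitespace from $chain after the match or state in the message which log format the old pattern mishandled, with a sample line. Separately, [\d|\.]+ on both the removed and the added line also accepts a literal '|'; [\d.]+ expresses the intended address characters.
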
Hello Tom,

Tuesday, November 18, 2003, 5:22:02 PM, you wrote:

TE> On Tue, 2003-11-18 at 01:13, Ama Kalu wrote:
>> Hi All,
>>
>> I need to be able to make sense from my shorewall logs.
>>
>> I have installed logwatch and it is mailing me reports but the level of
>> detail is just not there. I have set the detail variable to High=10 but
>> I get entries only from the DNS service about denied updates. What am I
>> getting wrong? Tom, will you be kind enough to send me your logwatch
>> config files?

TE> a) Where are you logging Shorewall messages?
TE> b) Are you seeing "Shorewall" messages in that log?
TE> c) Logwatch is incompatible with ULOG logging, so if you want to use
TE> Logwatch, you must use syslog.
TE> d) If you log to one of the files that Logwatch processes (usually
TE> /var/log/messages), Logwatch right out of the can "just works".

These add-on files allow logwatch to work with ULOG.
I have used them since February 2003.

--
Best regards,
Andrew Zhoglo
mailto:azh@tut.by

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ulogd.tgz
Type: application/x-compressed
Size: 4154 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20031118/321af257/ulogd.bin

On Tue, 2003-11-18 at 07:53, Andrew Zhoglo wrote:
> Hello Tom,
>
> Tuesday, November 18, 2003, 5:22:02 PM, you wrote:
>
> TE> On Tue, 2003-11-18 at 01:13, Ama Kalu wrote:
> >> Hi All,
> >>
> >> I need to be able to make sense from my shorewall logs.
> >>
> >> I have installed logwatch and it is mailing me reports but the level of
> >> detail is just not there. I have set the detail variable to High=10 but
> >> I get entries only from the DNS service about denied updates. What am I
> >> getting wrong? Tom, will you be kind enough to send me your logwatch
> >> config files?
>
> TE> a) Where are you logging Shorewall messages?
> TE> b) Are you seeing "Shorewall" messages in that log?
> TE> c) Logwatch is incompatible with ULOG logging, so if you want to use
> TE> Logwatch, you must use syslog.
> TE> d) If you log to one of the files that Logwatch processes (usually
> TE> /var/log/messages), Logwatch right out of the can "just works".
>
> These add-on files allow logwatch to work with ULOG.
> I have used them since February 2003.

Thanks, Andrew

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net