Hi,

I'd like packets dropped by the norfc1918 policy to be easily distinguishable in the log file. Currently I get this:

Nov 27 10:05:10 lanka kernel: Shorewall:logdrop:DROP:IN=eth3 OUT=eth1 ...

Ideally I would like:

Nov 27 10:05:10 lanka kernel: Shorewall:rfc1918:DROP:IN=eth3 OUT=eth1 ...

I'm using shorewall 1.4.5 and standard syslog. My rfc1918 file is in the standard format, like this:

36.0.0.0/7 logdrop # Reserved

I've been reading docs and FAQs for over half an hour but I'm still not sure how to do it. Any ideas?

Thanks!

--
Fraser Campbell <fraser@wehave.net> http://www.wehave.net/
Halton Hills, Ontario, Canada Debian GNU/Linux

On Thu, 2003-11-27 at 09:56, Fraser Campbell wrote:
> Hi,
>
> I'd like packets dropped by the norfc1918 policy to be easily distinguishable
> in the log file. Currently I get this:
>
> Nov 27 10:05:10 lanka kernel: Shorewall:logdrop:DROP:IN=eth3 OUT=eth1 ...
>
> Ideally I would like:
>
> Nov 27 10:05:10 lanka kernel: Shorewall:rfc1918:DROP:IN=eth3 OUT=eth1 ...
>

There is no means for customizing log messages in this way other than to modify the firewall script yourself.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Thu, 2003-11-27 at 10:15, Tom Eastep wrote:
> On Thu, 2003-11-27 at 09:56, Fraser Campbell wrote:
> > Hi,
> >
> > I'd like packets dropped by the norfc1918 policy to be easily distinguishable
> > in the log file. Currently I get this:
> >
> > Nov 27 10:05:10 lanka kernel: Shorewall:logdrop:DROP:IN=eth3 OUT=eth1 ...
> >
> > Ideally I would like:
> >
> > Nov 27 10:05:10 lanka kernel: Shorewall:rfc1918:DROP:IN=eth3 OUT=eth1 ...
> >
>
> There is no means for customizing log messages in this way other than to
> modify the firewall script yourself.

That having been said, I think your suggestion is a good one and the version of the 'firewall' script in CVS (project Shorewall/) contains the change.

If you upgrade to Shorewall 1.4.8, you can then overload /usr/share/shorewall/firewall with the CVS version.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Thursday 27 November 2003 13:42, Tom Eastep wrote:
> That having been said, I think your suggestion is a good one and the
> version of the 'firewall' script in CVS (project Shorewall/) contains
> the change.
>
> If you upgrade to Shorewall 1.4.8, you can then overload
> /usr/share/shorewall/firewall with the CVS version.

Very cool, thank you! I don't think I'll upgrade anything at this point but it's good to see it in the pipe.

--
Fraser Campbell <fraser@wehave.net> http://www.wehave.net/
Halton Hills, Ontario, Canada Debian GNU/Linux
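
An added example, not part of the thread and not Shorewall code: a small parser for the `Shorewall:<chain>:<disposition>:` log prefix quoted above, showing how a dedicated `rfc1918` tag lets those drops be counted and listed separately from other `logdrop` entries. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the thread; the
# SRC/DST/PROTO fields and the non-firewall line are made up.
SAMPLE_LOG = """\
Nov 27 10:05:10 lanka kernel: Shorewall:logdrop:DROP:IN=eth3 OUT=eth1 SRC=36.1.2.3 DST=192.0.2.10 PROTO=TCP
Nov 27 10:05:12 lanka kernel: Shorewall:rfc1918:DROP:IN=eth3 OUT=eth1 SRC=36.1.2.4 DST=192.0.2.10 PROTO=TCP
Nov 27 10:05:15 lanka kernel: Shorewall:net2all:DROP:IN=eth3 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=UDP
Nov 27 10:05:20 lanka sshd[412]: unrelated line that must be skipped
Nov 27 10:05:31 lanka kernel: Shorewall:rfc1918:DROP:IN=eth3 OUT=eth1 SRC=36.9.9.9 DST=192.0.2.10 PROTO=ICMP
"""

# Prefix layout as shown in the thread: Shorewall:<chain>:<disposition>:<fields>
PREFIX = re.compile(
    r"kernel: Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict for a Shorewall log line, or None for anything else."""
    m = PREFIX.search(line)
    if m is None:
        return None
    # The remainder is space-separated KEY=VALUE pairs; a value may be
    # empty (e.g. "OUT=" for traffic addressed to the firewall itself).
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    return {"chain": m.group("chain"), "disposition": m.group("disp"),
            "in": fields.get("IN", ""), "out": fields.get("OUT", ""),
            "src": fields.get("SRC", "")}


def tally_by_chain(text):
    """Count log entries per (chain, disposition) pair."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            counts[(rec["chain"], rec["disposition"])] += 1
    return counts


def sources_for_chain(text, chain):
    """List source addresses logged under one chain tag, in log order."""
    recs = (parse_line(line) for line in text.splitlines())
    return [r["src"] for r in recs if r is not None and r["chain"] == chain]


if __name__ == "__main__":
    for (chain, disp), n in sorted(tally_by_chain(SAMPLE_LOG).items()):
        print(f"{chain:10s} {disp:6s} {n}")
    print("rfc1918 sources:", sources_for_chain(SAMPLE_LOG, "rfc1918"))
```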