On Tue, 17 Feb 2004, Alex Volkov wrote:

> Still trying to set up Shorewall logging. I understand that Shorewall
> require syslog to get logging working, however I have metalog. Is this
> possible to use metalog as logging facility for Shorewall?

Apparently -- Metalog (http://metalog.sourceforge.net/) advertises itself
as a replacement for syslogd (much like syslog-ng)

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

I am using shorewall on my debian system with metalog with no problems, I
find metalog to be a refreshing change from other logging programs,
reminding me of some of qmail's features, but without having to buy-in the
whole philosophy (and breaking the LSB standards)

--On February 17, 2004 4:10 +0000 Alex Volkov <unsecure@airpost.net> wrote:

> Hi Tom and list,
>
> Still trying to set up Shorewall logging. I understand that Shorewall
> require syslog to get logging working, however I have metalog. Is this
> possible to use metalog as logging facility for Shorewall? I was reading
> http://www.shorewall.net/shorewall_logging.html and it describes other
> method ( ULOG ). I understand that I have to compile ULOG support in the
> kernel... where do I find it in kernel build options?
>
> Alex.
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

On Tue, 17 Feb 2004, Alex Volkov wrote:

> # Sample Metalog configuration file
>
> maxsize  = 100000
> maxtime  = 86400
> maxfiles = 5
>
> Kernel messages :
>
>   facility = "kern"
>   logdir   = "/var/log/kernel"

As explained at http://www.shorewall.net/shorewall_logging.html, all
Netfilter messages are logged with the 'kern' facility.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Okay, I was curious, installed the program, and did the setup.

Here you go for the metalog.conf:

Kernel messages :

  facility  = "kern"
  neg_regex = "Shorewall:"
  logdir    = "/var/log/kernel"

Shorewall messages:
  facility = "kern"
  regex    = "Shorewall:"
  logdir   = "/var/log/shorewall"

Steve

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Alex Volkov
Sent: Tuesday, February 17, 2004 00:01
To: E H R; Mailing List for Experienced Shorewall Users
Subject: Re: [Shorewall-users] Metalog and Shorewall

Would you be so kind to tell how did you set this up? I have posted my
conf files to the list.

Alex.

On Mon, 16 Feb 2004 20:30:22 -0500 E H R <mailing@robibaro.net> wrote:

> I am using shorewall on my debian system with metalog with no
> problems, I find metalog to be a refreshing change from other logging
> programs, reminding me of some of qmail's features, but without having
> to buy-in the whole philosophy (and breaking the LSB standards)
>
> --On February 17, 2004 4:10 +0000 Alex Volkov <unsecure@airpost.net> wrote:
>
> > Hi Tom and list,
> >
> > Still trying to set up Shorewall logging. I understand that
> > Shorewall require syslog to get logging working, however I have
> > metalog. Is this possible to use metalog as logging facility for
> > Shorewall? I was reading
> > http://www.shorewall.net/shorewall_logging.html and it describes
> > other method ( ULOG ). I understand that I have to compile ULOG support
> > in the kernel... where do I find it in kernel build options?
> >
> > Alex.

On Mon, 16 Feb 2004, Steve Kent wrote:

> Okay, I was curious, installed the program, and did the setup.
>
> Here you go for the metalog.conf:
>
> Kernel messages :
>
>   facility  = "kern"
>   neg_regex = "Shorewall:"
>   logdir    = "/var/log/kernel"
>
> Shorewall messages:
>   facility = "kern"
>   regex    = "Shorewall:"
>   logdir   = "/var/log/shorewall"
>

I would think that if you reversed the order of these entries, you could
omit the "net_regex" entry from the Kernel Messages part...

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Tue, 17 Feb 2004, Alex Volkov wrote:

> Who is mistyped it. Does it have to be net_regex or neg_regex?
>

Alex -- if you can't read the metalog documentation and answer this
question, then I suggest that you give up any ideas that you have about
using Linux because you will never have any success.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Hi Tom and list,

Still trying to set up Shorewall logging. I understand that Shorewall
require syslog to get logging working, however I have metalog. Is this
possible to use metalog as logging facility for Shorewall? I was reading
http://www.shorewall.net/shorewall_logging.html and it describes other
method ( ULOG ). I understand that I have to compile ULOG support in the
kernel... where do I find it in kernel build options?

Alex.

On Mon, 16 Feb 2004 17:20:42 -0800 (Pacific Standard Time)
Tom Eastep <teastep@shorewall.net> wrote:

> On Tue, 17 Feb 2004, Alex Volkov wrote:
>
> > Still trying to set up Shorewall logging. I understand that Shorewall
> > require syslog to get logging working, however I have metalog. Is this
> > possible to use metalog as logging facility for Shorewall?
>
> Apparently -- Metalog (http://metalog.sourceforge.net/) advertises itself
> as a replacement for syslogd (much like syslog-ng)
>
> -Tom

Then, it has to work, but I have trouble to configure it. What I did so
far is created /var/log/shorewall/current file. In
/etc/metalog/metalog.conf I created separate entry for Shorewall:

# $Header: /home/cvsroot/gentoo-x86/app-admin/metalog/files/metalog.conf,v 1.2 2002/10/12 06:09:16 woodchip Exp $
#
# Sample Metalog configuration file

maxsize  = 100000
maxtime  = 86400
maxfiles = 5

Kernel messages :

  facility = "kern"
  logdir   = "/var/log/kernel"

Crond :

  program  = "crond"
  logdir   = "/var/log/crond"

Dudes firewalled by IPTrap :

  program  = "iptrap"
  logdir   = "/var/log/iptrap"

Password failures :

  regex    = "(password|login|authentication)\s+(fail|invalid)"
  regex    = "(failed|invalid)\s+(password|login|authentication)"
  regex    = "ILLEGAL ROOT LOGIN"
  logdir   = "/var/log/pwdfail"
# command  = "/usr/local/sbin/mail_pwd_failures.sh"

FTP Server :

  program  = "pure-ftpd"
  logdir   = "/var/log/ftpd"

Shorewall :

  program  = "shorewall"
  logdir   = "/var/log/shorewall"

Then, in /etc/shorewall/shorewall.conf , I've put

LOGFILE=/var/log/shorewall/current

but I can't see any messages in there. Suggestions?

Thanks.

Alex.

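Why a section keyed on program = "shorewall" stays empty while the regex/neg_regex pair posted in this thread splits the messages, as an added example that is not part of the original posts and is not metalog's code. It assumes a simplified model in which a section accepts a message when every filter it lists matches, that Netfilter lines arrive with facility "kern" and program name "kernel", and it uses constructed sample messages and a hypothetical logdir for the program-based section.

```python
import re

# Sections modelled on the thread: the regex/neg_regex pair and the
# program-based "Shorewall" section. The third logdir is hypothetical,
# chosen only so the two Shorewall sections can be told apart.
SECTIONS = [
    {"name": "Kernel messages", "facility": "kern",
     "neg_regex": r"Shorewall:", "logdir": "/var/log/kernel"},
    {"name": "Shorewall messages", "facility": "kern",
     "regex": r"Shorewall:", "logdir": "/var/log/shorewall"},
    {"name": "Shorewall (by program)", "program": "shorewall",
     "logdir": "/var/log/shorewall-by-program"},
]

# Constructed sample messages: (facility, program, text).
SAMPLES = [
    ("kern", "kernel", "Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 "
                       "DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=22"),
    ("kern", "kernel", "eth0: link up, 100Mbps, full-duplex"),
    ("cron", "crond", "(root) CMD (run-parts /etc/cron.hourly)"),
]

def matches(section, facility, program, text):
    """Simplified model (assumption): every filter present must match."""
    if "facility" in section and section["facility"] != facility:
        return False
    if "program" in section and section["program"] != program:
        return False
    if "regex" in section and not re.search(section["regex"], text):
        return False
    if "neg_regex" in section and re.search(section["neg_regex"], text):
        return False
    return True

def route(facility, program, text, sections=SECTIONS):
    """Return the logdir of every section that accepts the message."""
    return [s["logdir"] for s in sections
            if matches(s, facility, program, text)]

def route_all(samples=SAMPLES):
    """Route each constructed sample; one list of logdirs per message."""
    return [route(*msg) for msg in samples]

if __name__ == "__main__":
    for msg, dirs in zip(SAMPLES, route_all()):
        print(dirs or ["(no section)"], "<-", msg[2][:40])
```

The firewall line is written by the kernel, so only the filter on the "Shorewall:" prefix in the message text picks it out; the program-based section never sees it.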
Would you be so kind to tell how did you set this up? I have posted my
conf files to the list.

Alex.

On Mon, 16 Feb 2004 20:30:22 -0500 E H R <mailing@robibaro.net> wrote:

> I am using shorewall on my debian system with metalog with no problems, I
> find metalog to be a refreshing change from other logging programs,
> reminding me of some of qmail's features, but without having to buy-in the
> whole philosophy (and breaking the LSB standards)
>
> --On February 17, 2004 4:10 +0000 Alex Volkov <unsecure@airpost.net> wrote:
>
> > Hi Tom and list,
> >
> > Still trying to set up Shorewall logging. I understand that Shorewall
> > require syslog to get logging working, however I have metalog. Is this
> > possible to use metalog as logging facility for Shorewall? I was reading
> > http://www.shorewall.net/shorewall_logging.html and it describes other
> > method ( ULOG ). I understand that I have to compile ULOG support in the
> > kernel... where do I find it in kernel build options?
> >
> > Alex.

Who is mistyped it. Does it have to be net_regex or neg_regex?

Alex.

On Mon, 16 Feb 2004 18:33:29 -0800 (Pacific Standard Time)
Tom Eastep <teastep@shorewall.net> wrote:

> On Mon, 16 Feb 2004, Steve Kent wrote:
>
> > Okay, I was curious, installed the program, and did the setup.
> >
> > Here you go for the metalog.conf:
> >
> > Kernel messages :
> >
> >   facility  = "kern"
> >   neg_regex = "Shorewall:"
> >   logdir    = "/var/log/kernel"
> >
> > Shorewall messages:
> >   facility = "kern"
> >   regex    = "Shorewall:"
> >   logdir   = "/var/log/shorewall"
> >
>
> I would think that if you reversed the order of these entries, you could
> omit the "net_regex" entry from the Kernel Messages part...
>
> -Tom

Thanks, however I think the problem here is not ignoring metalog
documentation, but rather my limited ability to comprehend English
text which is not my native language, also time. But then again, if I'm
not proficient enough to read English, I probably can't use Linux too.

Alex.

On Mon, 16 Feb 2004 19:16:25 -0800 (Pacific Standard Time)
Tom Eastep <teastep@shorewall.net> wrote:

> On Tue, 17 Feb 2004, Alex Volkov wrote:
>
> > Who is mistyped it. Does it have to be net_regex or neg_regex?
> >
>
> Alex -- if you can't read the metalog documentation and answer this
> question, then I suggest that you give up any ideas that you have about
> using Linux because you will never have any success.
>
> -Tom

So true. Also man metalog produces about 4 entries. -h is most helpful.
Will surf to google to research the issue.

Alex.

On Tue, 17 Feb 2004 19:39:12 -0800 "Jim" <j.tinner@comcast.net> wrote:

> Hi Alex - I sense that Tom is a bit overwhelmed at the work of keeping up
> this listserver. Perhaps it's just the nasty weather in his area today. I
> live not far away and didn't venture outside all day due to the wind and
> rain.
>
> -----Original Message-----
> From: shorewall-users-bounces+j.tinner=comcast.net@lists.shorewall.net
> [mailto:shorewall-users-bounces+j.tinner=comcast.net@lists.shorewall.net] On
> Behalf Of Alex Volkov
> Sent: Monday, February 16, 2004 10:25 PM
> To: Mailing List for Experienced Shorewall Users
> Subject: Re: [Shorewall-users] Metalog and Shorewall
>
> Thanks, however I think the problem here is not ignoring metalog
> documentation, but rather my limited ability to comprehend English
> text which is not my native language, also time. But then again, if I'm
> not proficient enough to read English, I probably can't use Linux too.
>
> Alex.
>
> On Mon, 16 Feb 2004 19:16:25 -0800 (Pacific Standard Time)
> Tom Eastep <teastep@shorewall.net> wrote:
>
> > On Tue, 17 Feb 2004, Alex Volkov wrote:
> >
> > > Who is mistyped it. Does it have to be net_regex or neg_regex?
> > >
> >
> > Alex -- if you can't read the metalog documentation and answer this
> > question, then I suggest that you give up any ideas that you have about
> > using Linux because you will never have any success.
> >
> > -Tom

Hi Alex - I sense that Tom is a bit overwhelmed at the work of keeping up
this listserver. Perhaps it's just the nasty weather in his area today. I
live not far away and didn't venture outside all day due to the wind and
rain.

-----Original Message-----
From: shorewall-users-bounces+j.tinner=comcast.net@lists.shorewall.net
[mailto:shorewall-users-bounces+j.tinner=comcast.net@lists.shorewall.net] On
Behalf Of Alex Volkov
Sent: Monday, February 16, 2004 10:25 PM
To: Mailing List for Experienced Shorewall Users
Subject: Re: [Shorewall-users] Metalog and Shorewall

Thanks, however I think the problem here is not ignoring metalog
documentation, but rather my limited ability to comprehend English
text which is not my native language, also time. But then again, if I'm
not proficient enough to read English, I probably can't use Linux too.

Alex.

On Mon, 16 Feb 2004 19:16:25 -0800 (Pacific Standard Time)
Tom Eastep <teastep@shorewall.net> wrote:

> On Tue, 17 Feb 2004, Alex Volkov wrote:
>
> > Who is mistyped it. Does it have to be net_regex or neg_regex?
> >
>
> Alex -- if you can't read the metalog documentation and answer this
> question, then I suggest that you give up any ideas that you have about
> using Linux because you will never have any success.
>
> -Tom