Hi, I''m using Shorewall 1.4.8 and ulogd 1.02. I was wondering how I can set the option --ulog-qthreshold in the shorewall configuration files, as I need it. I''m logging to a remote database server, and so I''d like to log a few entries at a time, instead of having them logged one at a time. However, putting the option in the policy file does not work and putting it for some other alerts (new-not-syn etc.) in the shorewall.conf gives starting errors. Is it possible? And how? I''m no member of this list, so please send a copy of your reply to erwin.vandevelde@ua.ac.be Thanks in adv, Erwin Van de Velde Student of University of Antwerp Belgium
Erwin Van de Velde wrote:> Hi, > > I''m using Shorewall 1.4.8 and ulogd 1.02. I was wondering how I can set the > option --ulog-qthreshold in the shorewall configuration files, as I need it. > I''m logging to a remote database server, and so I''d like to log a few entries > at a time, instead of having them logged one at a time. However, putting the > option in the policy file does not work and putting it for some other alerts > (new-not-syn etc.) in the shorewall.conf gives starting errors. > > Is it possible? And how?It is currently not possible without modifying the ''firewall'' script. The functions log_rule() and log_rule_limit() need to be changed to specify --ulog-qthreshhold. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:> > > It is currently not possible without modifying the ''firewall'' script. > The functions log_rule() and log_rule_limit() need to be changed to > specify --ulog-qthreshhold. >I should have looked at the code first -- only log_rule_limit() needs change (the two lines that generate ULOG rules). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net