Hi all,

I have just joined the list. I use Shorewall on a number of boxes both at home and at work; in fact I use it on the main firewall for the college I work at :) And it does a great job - an excellent piece of software.

I am trying to get Shorewall to run on a Linksys WRT54G wireless router. Basically I have a tiny version of Linux running on it called OpenWrt. Because the device uses flash there is very little disk space to play with, so I would like to try and get Shorewall to log to a remote syslog host, as it is not desirable to store the log files on the flash.

Firstly, is this possible, and secondly, could you give me some pointers on how to go about getting it to work? I have had a search through the website and some of the mailing list archives but have not turned up anything yet.

I have the syslog daemon on the Linksys logging to the remote syslog host, but Shorewall looks for a /var/log/messages file. So I created an empty file there, but then I get the following error:

    Error: Invalid LOGFORMAT string: "Shorewall:%s:%s:"

At this point I realise there may be more involved than I thought! :)

Any info appreciated.

TIA,
Dan
Dan Peachey wrote:
> Any info appreciated.

Remote logging has nothing to do with Shorewall configuration. You configure your local *syslogd* to forward log messages to a remote host.

-Tom

--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
> Remote logging has nothing to do with Shorewall configuration. You
> configure your local *syslogd* to forward log messages to a
> remote host.
>
> -Tom

Yep, I realise that, but does Shorewall not depend on having access to the log files on the local disk then?

Thanks,
Dan
Dan Peachey wrote:
>> Remote logging has nothing to do with Shorewall configuration. You
>> configure your local *syslogd* to forward log messages to a
>> remote host.
>>
>> -Tom
>
> Yep, I realise that, but does Shorewall not depend on having access to
> the log files on the local disk then?

/sbin/shorewall reads local logs -- if you don't store your logs locally then clearly those commands that read the logs (logwatch, status, show log and hits) won't work on the Linksys.

-Tom
Tom Eastep wrote:
> Dan Peachey wrote:
>
>>> Remote logging has nothing to do with Shorewall configuration. You
>>> configure your local *syslogd* to forward log messages to a remote host.
>>>
>>> -Tom
>>
>> Yep, I realise that, but does Shorewall not depend on having access to
>> the log files on the local disk then?
>
> /sbin/shorewall reads local logs -- if you don't store your logs locally
> then clearly those commands that read the logs (logwatch, status, show
> log and hits) won't work on the Linksys.

And I haven't a clue why you are getting the Invalid LOGFORMAT message -- that message has nothing to do with the presence or absence of a log file but rather means that a "printf" shell command using the contents of LOGFORMAT failed.

-Tom
> And I haven't a clue why you are getting the Invalid LOGFORMAT message
> -- that message has nothing to do with the presence or absence of a log
> file but rather means that a "printf" shell command using the contents
> of LOGFORMAT failed.
>
> -Tom

It's a very minimal Linux distro, based on uClibc, busybox, etc. It's no doubt missing something somewhere - I'll have a look into it.

Thanks for the info.

Dan
Dan Peachey wrote:
> It's a very minimal Linux distro, based on uClibc, busybox, etc. It's no
> doubt missing something somewhere - I'll have a look into it.

Here is some info that Steve Herber sent me regarding Shorewall on the WRT54G:

---------------------------------------------------------------------
I have been keeping my eye on the Linksys WRT54G because of their GNU GPL violation issues. This link calls out Shorewall as part of a firmware upgrade:

http://www.broadbandreports.com/forum/remark,9112726~mode=flat~days=10~start=60#9228934

This is the general forum for the firmware company:

http://www.sveasoft.com/forum6.html
---------------------------------------------------------------------

-Tom
Dan Peachey wrote:
>> And I haven't a clue why you are getting the Invalid LOGFORMAT message
>> -- that message has nothing to do with the presence or absence of a log
>> file but rather means that a "printf" shell command using the contents
>> of LOGFORMAT failed.
>>
>> -Tom
>
> It's a very minimal Linux distro, based on uClibc, busybox, etc. It's no
> doubt missing something somewhere - I'll have a look into it.

I suspect that the busybox they are using doesn't support 'printf'. Do you have /usr/bin/printf? If so, the test that Shorewall is doing to validate LOGFORMAT is:

    temp=$(printf "$LOGFORMAT" fooxx barxx 2> /dev/null)
    if [ $? -ne 0 ]; then
        startup_error "Invalid LOGFORMAT string: \"$LOGFORMAT\""

So if you don't have an executable called 'printf' in your PATH then the message that you are seeing will result. To get around the absence of printf, you would need to hack up /usr/share/shorewall/firewall to avoid its use.

-Tom
Tom Eastep wrote:
> So if you don't have an executable called 'printf' in your PATH then the
> message that you are seeing will result. To get around the absence of
> printf, you would need to hack up /usr/share/shorewall/firewall to avoid
> its use.

Or, you could place the following in /etc/shorewall/params:

    printf()
    {
        echo "Shorewall:${2}:${3}:"
    }

:-)

-Tom
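The LOGFORMAT check Tom quoted and the params workaround, as an added example that is not code from the Shorewall project or from anyone in this thread. It wraps the same printf test in a function, and pairs it with a pure-shell stand-in for printf (a constructed helper, not Shorewall's) that fills %s directives from its arguments instead of hard-coding the "Shorewall:" prefix, so it keeps working when LOGFORMAT is not the default; it assumes a POSIX sh. Note that bash, dash and modern busybox ash have printf built in, so this only matters on a shell without it.

```shell
#!/bin/sh
# Added example; not from the Shorewall project or the thread.

# Same test the firewall script performs: the format must be accepted by
# printf with two sample arguments. Returns 0 if usable, 1 if not.
validate_logformat() {
    if printf "$1" fooxx barxx >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# Constructed stand-in for printf that understands only %s directives
# (all LOGFORMAT needs), filling them from the remaining arguments left
# to right. Any % left over (other directive, or too few arguments)
# makes it fail, mirroring how the real check treats a bad format.
# A function named "printf" in /etc/shorewall/params shadows the real
# command for the whole script, so it must accept the same arguments.
printf_fallback() {
    out=$1; shift
    for arg in "$@"; do
        case $out in
            *%s*) out=${out%%"%s"*}$arg${out#*"%s"} ;;
            *) break ;;
        esac
    done
    case $out in *%*) return 1 ;; esac
    echo "$out"
}

# Render a log prefix with whichever printf the box has; this is the
# call path the fallback has to satisfy when busybox lacks printf.
render_log_prefix() {
    if command -v printf >/dev/null 2>&1; then
        printf "$@"
    else
        printf_fallback "$@"
    fi
}

echo "default LOGFORMAT valid: $(validate_logformat 'Shorewall:%s:%s:' && echo yes || echo no)"
echo "fallback renders: $(printf_fallback 'Shorewall:%s:%s:' net2fw DROP)"
```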
> I suspect that the busybox they are using doesn't support 'printf'. Do
> you have /usr/bin/printf? If so, the test that Shorewall is doing to
> validate LOGFORMAT is:
>
>     temp=$(printf "$LOGFORMAT" fooxx barxx 2> /dev/null)
>     if [ $? -ne 0 ]; then
>         startup_error "Invalid LOGFORMAT string: \"$LOGFORMAT\""
>
> So if you don't have an executable called 'printf' in your PATH then the
> message that you are seeing will result. To get around the absence of
> printf, you would need to hack up /usr/share/shorewall/firewall to avoid
> its use.
>
> -Tom

Spot on, printf was not set in the busybox config file:

    # CONFIG_PRINTF is not set

I shall set it and hopefully that will fix it.

Thanks again,
Dan