Martin Schinz wrote:
> Hi List,
> I have just recently set up 2 mint systems with shorewall and have been
> using the script for a fair amount of time before that. What really
> ruined my day was the fact that the logging options for the chains'
> Policies are in a different place than all the other logging options. I
> built my kernel with ulogd and spent hours looking for the config
> options of the policies.
Then I'm afraid that you spent those hours foolishly. If you enter
"Logging" in the Quick Search at the top of the Shorewall Home page, the
second hit returned is a page entitled "Shorewall Logging". You can
reach the same page through the "Documentation" link in the left hand
panel; there you will find an alphabetical index with an entry entitled
"Logging".
The first section of the "Shorewall Logging" article describes the
circumstances under which packets are logged and the configuration file
settings that control them. From that section:
"5. The packet doesn't match a rule so it is handled by a policy defined
in /etc/shorewall/policy. These may be logged by specifying a syslog
level in the LOG LEVEL column of the policy's entry (e.g., “loc net
ACCEPT info”)."
As to why it is that way:
The shorewall.conf file is used to specify settings of the simple form
<option>=<value>. Specifying logging of traffic for each ordered pair of
zones does not map nicely into simple (option,value) pairs.
One final note -- the "Shorewall Logging" article is the same one that
describes how to set up Shorewall with ulogd so you may have had the
information in front of you all along.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
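
Added example, not part of the original message and not Shorewall's own code: a small Python check that reads a policy file laid out as the reply describes (SOURCE, DEST, POLICY, then LOG LEVEL) and lists the DROP/REJECT policies that have no syslog level set. The sample file contents are constructed, and treating `-` as an empty column and a `:` suffix on the policy as ignorable are assumptions about the file format.

```python
# Constructed sample in the layout of /etc/shorewall/policy.
SAMPLE_POLICY = """\
#SOURCE  DEST  POLICY  LOG LEVEL
loc      net   ACCEPT  info
fw       net   ACCEPT
net      all   DROP    -
all      all   REJECT  info
"""


def parse_policy(text):
    """Return one dict per policy entry: source, dest, policy, level, line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        if len(cols) < 3:
            raise ValueError(f"line {lineno}: expected SOURCE DEST POLICY")
        # Assumption: '-' marks an empty column, so it means "not logged".
        level = cols[3] if len(cols) > 3 and cols[3] != "-" else None
        entries.append({"source": cols[0], "dest": cols[1],
                        "policy": cols[2], "level": level, "line": lineno})
    return entries


def unlogged(entries, policies=("DROP", "REJECT")):
    """Entries whose policy is in `policies` and that have no LOG LEVEL."""
    return [e for e in entries
            if e["level"] is None
            and e["policy"].split(":")[0] in policies]  # assumption: ':' suffix


if __name__ == "__main__":
    for e in unlogged(parse_policy(SAMPLE_POLICY)):
        print(f"line {e['line']}: {e['source']} -> {e['dest']} "
              f"{e['policy']} has no LOG LEVEL")
```

To check a real system, pass the contents of /etc/shorewall/policy to `parse_policy` instead of the sample string.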