Hello,

I have noticed recently that my /var/log/messages does not include dropped packet notifications. Using dmesg does show the logs. My /var/log/messages contains the normal stuff minus shorewall as far as I can tell.

I thought that the world had left my server alone, that the firewall had discouraged investigation! Yeah right, just my logwatch emails stopped containing shorewall messages. There is no hope...

Anyways, I am trying to get shorewall to log through /var/log/messages. I have no idea how long it has been broken, but it definitely has been many months. Maybe over a year.

My case is identical to this thread in the archives:
http://lists.shorewall.net/pipermail/shorewall-users/2002-December/004234.html

I did not find a resolution for this issue there. I have tried updating a few packages, such as klogd, to no avail. I am running shorewall 2.02f. Debian testing mostly. I have attached various config files, as well as a text file console.txt that includes various dumps requested.

Anyone out there have an idea about this?

Thanks,
Alex Martin
http://www.rettc.com

Alex Martin wrote:
> I did not find a resolution for this issue there. I have tried updating
> a few packages, such as klogd, to no avail. I am running shorewall
> 2.02f. Debian testing mostly. I have attached various config files, as
> well as a text file console.txt that includes various dumps requested.
>

Sounds very similar to my setup except that my syslog.conf is tiny compared to yours (see attached).

> Anyone out there have an idea about this?
>

[teastep@ursa Alex]$ grep LOG status.txt
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
2 96 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
[teastep@ursa Alex]$

Note that all logging rules have 'level 6' so it doesn't appear that Shorewall is messing up the log level. And the fact that the messages are actually shown using 'dmesg' indicates that log messages are being generated.

Are you seeing Shorewall messages in /var/log/kern.log?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:
>
> Sounds very similar to my setup except that my syslog.conf is tiny
> compared to yours (see attached).
>

FWIW, I'm running sysklogd 1.4.1-10 and klogd 1.4.1-10. My kernel is 2.4.25 compiled from kernel.org sources patched from Patch-O-Matic.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
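
The replies above establish that the LOG rules use level 6 (info) and that the kernel is generating the messages, so the open question is where syslogd routes kern.info. The following is an added example, not part of the thread: a small evaluator for syslog.conf selector fields, assuming the selector semantics documented in syslog.conf(5) for sysklogd. The function names and both sample configs are constructed for illustration; the attached syslog.conf is not shown on the page.

```python
import re

# syslog severities, most severe first; list index = numeric level (info = 6)
PRIS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

def accepted_levels(selectors, facility):
    """Numeric levels of `facility` that one selector field lets through."""
    levels = set()
    for sel in selectors.split(";"):
        facs, _, pri = sel.strip().rpartition(".")
        if not {facility, "*"} & set(facs.split(",")):
            continue
        negate, pri = pri.startswith("!"), pri.lstrip("!")
        exact, pri = pri.startswith("="), pri.lstrip("=")
        pri = ALIASES.get(pri, pri)
        if pri == "none":            # facility.none removes the facility
            levels.clear()
            continue
        if pri == "*":
            hit = set(range(8))
        else:
            n = PRIS.index(pri)
            hit = {n} if exact else set(range(n + 1))   # "pri and more severe"
        levels = levels - hit if negate else levels | hit
    return levels

def destinations(conf_text, facility="kern", level=6):
    """Actions in conf_text that would receive facility.level messages."""
    conf_text = re.sub(r"\\\n\s*", "", conf_text)   # join continuation lines
    out = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and level in accepted_levels(parts[0], facility):
            out.append(parts[1].strip().lstrip("-"))   # "-" = no sync after write
    return out

# Constructed samples, not the attached syslog.conf from the thread.
ROUTED = r"""
kern.*                          -/var/log/kern.log
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none        -/var/log/messages
"""
EXCLUDED = ROUTED.replace("cron,daemon.none", "cron,daemon.none;kern.none")

if __name__ == "__main__":
    for name, conf in (("ROUTED", ROUTED), ("EXCLUDED", EXCLUDED)):
        print(name, destinations(conf))
```

Running `destinations()` over a real syslog.conf shows whether level 6 kernel messages can reach /var/log/messages at all, which separates a routing problem from a klogd or syslogd delivery problem.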