Dear newfound friends,

please be patient. For me reading and writing in English is more painful than dissecting IP traces :)

I have tried reading through the FAQ but could not quite understand: I would like the logs to be terser. I think I can live without MAC, LEN, TOS, PREC, TTL, ID fields normally (maybe need them only in special situations). Could not understand if/how I can achieve this.

I am using shorewall 2.0.13 on my Debian unstable laptop with a 2.6.9 kernel.

TIA,
Bob

bob@t40:~$ dpkg -l |grep shorewall
ii  shorewall       2.0.13-1  Shoreline Firewall (Shorewall)
ii  shorewall-doc   2.0.13    Shoreline Firewall (Shorewall) documentation
ii  webmin-shorewa  1.160-2   shorewall firewall control module for webmin
On Thu, 2004-12-16 at 15:59 +0100, Bob Alexander wrote:
> I would like the logs to be terser. I think I can live without MAC, LEN,
> TOS, PREC, TTL, ID fields normally (maybe need them only in special
> situations). Could not understand if/how I can achieve this.

The log records are produced by Netfilter (not by Shorewall) and there is no way to customize their content.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
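The record format is fixed at the point where the kernel writes it, but the fields Bob lists can be dropped when the log is read. The filter below is an added example, not part of the thread or of Shorewall; the function name `terse_log` and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: drop selected key=value fields from
# Netfilter LOG records while reading the log. The log file itself is untouched.
# Default drop list = the fields Bob names; pass another comma-separated list as $1.
# Every token with a listed key is dropped, so LEN also removes the UDP LEN field.
terse_log() {
    awk -v drop="${1:-MAC,LEN,TOS,PREC,TTL,ID}" '
    BEGIN { n = split(drop, d, ","); for (i = 1; i <= n; i++) skip[d[i]] = 1 }
    {
        # A packet record carries "IN=" followed later by " OUT=".
        p = index($0, "IN=")
        if (p == 0 || index($0, " OUT=") == 0) { print; next }   # other syslog line
        head = substr($0, 1, p - 1)          # timestamp, host, log prefix
        m = split(substr($0, p), tok, " ")
        out = ""
        for (i = 1; i <= m; i++) {
            eq = index(tok[i], "=")
            # Bare flags (DF, SYN, ...) have no "=" and are always kept.
            if (eq > 0 && (substr(tok[i], 1, eq - 1) in skip)) continue
            out = out (out == "" ? "" : " ") tok[i]
        }
        print head out
    }'
}

# Constructed sample record (addresses from documentation ranges).
SAMPLE='Dec 16 15:40:01 t40 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=4711 DF PROTO=TCP SPT=3321 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0'

printf '%s\n' "$SAMPLE" | terse_log
```

Because the full record stays in the log file, the dropped fields remain available for the special situations Bob mentions.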
Tom Eastep wrote:
> The log records are produced by Netfilter (not by Shorewall) and there
> is no way to customize their content.
>

Doh ! :) Obvious ! Thank you for removing the first of many spiderwebs from my brain :)

Bob
Eduardo Ferreira
2004-Dec-16 16:35 UTC
Re: Some help for a beginner please: terser logging
Bob Alexander wrote on 16/12/2004 13:59:07:

> Tom Eastep wrote:
> > The log records are produced by Netfilter (not by Shorewall) and there
> > is no way to customize their content.
> >
>
> Doh ! :) Obvious ! Thank you for removing the first of many spiderwebs
> from my brain :)
>
> Bob

but you could use ULOG to deal with them...

cheers,
________________________
Eduardo Ferreira
Icatu Holding S.A.
Supervisor de TI
(5521) 3804-8606
Eduardo Ferreira wrote:
> but you could use ULOG to deal with them...
>

Muito obrigado Eduardo (hope that is correct :)).

ULOG could be a very good idea. Will investigate.

Bob

PS Dream about a Perl script converting rules into Graphviz format showing them as a graph !
Eduardo Ferreira
2004-Dec-16 17:06 UTC
Re: Some help for a beginner please: terser logging
Bob Alexander wrote on 16/12/2004 14:55:32:

> Eduardo Ferreira wrote:
> > but you could use ULOG to deal with them...
> >
>
> Muito obrigado Eduardo (hope that is correct :)).

It is. very nice of you ;-)

> ULOG could be a very good idea. Will investigate.

there is a page in the shorewall site that gives directions: http://www.shorewall.net/shorewall_logging.html

> Bob
>
> PS Dream about a Perl script converting rules into Graphviz format
> showing them as a graph !

That would need much more time than my holidays! And no graphical interface here, pure text!

cheers,
Eduardo
On Thu, 2004-12-16 at 15:06 -0200, Eduardo Ferreira wrote:
> That would need much more time than my holidays! And no graphical
> interface here, pure text!
>

For a starter, the following makes it easier to see the chain structure in the Shorewall-generated ruleset.

shorewall status | \
        grep -vE 'ACCEPT|DROP|REJECT|LOG|MASQUERADE|SNAT|DNAT' | \
        less

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On Thu, 2004-12-16 at 09:44 -0800, Tom Eastep wrote:
>
> shorewall status | \
>         grep -vE 'ACCEPT|DROP|REJECT|LOG|MASQUERADE|SNAT|DNAT' | \

        grep -vE 'ACCEPT|DROP|REJECT|LOG|MASQUERADE|SNAT|DNAT|reject' | \

>         less

Since 'reject' just selects the appropriate form of REJECT based on the packet that it is rejecting, it's not very interesting. So the above probably makes more sense.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Eduardo Ferreira
2004-Dec-16 18:32 UTC
Re: Some help for a beginner please: terser logging
Tom wrote on 16/12/2004 16:00:24:

> On Thu, 2004-12-16 at 09:44 -0800, Tom Eastep wrote:
> >
> > shorewall status | \
> >         grep -vE 'ACCEPT|DROP|REJECT|LOG|MASQUERADE|SNAT|DNAT' | \
>
>         grep -vE 'ACCEPT|DROP|REJECT|LOG|MASQUERADE|SNAT|DNAT|reject' | \
>
> >         less
>
> Since 'reject' just selects the appropriate form of REJECT based on the
> packet that it is rejecting, it's not very interesting. So the above
> probably makes more sense.
>

Thanks, Tom. I think that gives me a starter...

cheers,
________________________
Eduardo Ferreira
Icatu Holding S.A.
Supervisor de TI
(5521) 3804-8606
Eduardo Ferreira
2004-Dec-17 20:19 UTC
Re: Some help for a beginner please: terser logging
Myself wrote on 16/12/2004 16:32:23:

> Tom wrote on 16/12/2004 16:00:24:
[...]
> Thanks, Tom. I think that gives me a starter...
>
> cheers,
>

I couldn't wait for the holidays... Here is a 0.0.1 version of a utility that helps you to walk thru the iptables chain. Its format is:

iptwalk [ INPUT | FORWARD | OUTPUT ]

at start time, it displays the chain you asked on the command line. From there, you can choose a line to list another chain or quit. It displays, in the header, the path to the current chain...

please, this is a 0.0.1 version. no error-checking, not much testing. Feel free to use and modify it...

cheers,
________________________
Eduardo Ferreira
Icatu Holding S.A.
Supervisor de TI
(5521) 3804-8606

ps: Bob, this is the second sunny day in a row. tomorrow, I will get a tan...
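The chain walk described in this thread, combined with Bob's Graphviz idea, as an added example: it is not Eduardo's iptwalk (the attachment is not reproduced here) and not part of Shorewall. It assumes the ruleset is supplied in `iptables-save` format on stdin; `chain_graph`, `sample_rules` and the Shorewall-style chain names in the sample are constructed for illustration.

```shell
# Added example, not from the thread. Reads iptables-save text on stdin, prints Graphviz DOT.
# $1 = start chain; $2 = extra targets to hide (default "reject", which Tom calls uninteresting).
chain_graph() {
    awk -v root="${1:-INPUT}" -v hide="${2-reject}" '
    BEGIN {
        # Rule targets from the grep in the thread, plus RETURN: not chains to follow.
        n = split("ACCEPT DROP REJECT LOG MASQUERADE SNAT DNAT RETURN " hide, t, " ")
        for (i = 1; i <= n; i++) leaf[t[i]] = 1
    }
    $1 == "-A" {
        for (i = 3; i < NF; i++)
            if ($i == "-j" && !($(i + 1) in leaf) && !(($2, $(i + 1)) in edge)) {
                edge[$2, $(i + 1)] = 1            # de-duplicate repeated jumps
                kids[$2] = kids[$2] " " $(i + 1)
            }
    }
    END {
        # Breadth-first walk from the start chain; unreachable chains are omitted.
        print "digraph \"" root "\" {"
        queue[1] = root; seen[root] = 1; tail = 1
        for (head = 1; head <= tail; head++) {
            m = split(kids[queue[head]], k, " ")
            for (i = 1; i <= m; i++) {
                print "  \"" queue[head] "\" -> \"" k[i] "\";"
                if (!(k[i] in seen)) { seen[k[i]] = 1; queue[++tail] = k[i] }
            }
        }
        print "}"
    }'
}
# Constructed sample ruleset in iptables-save format.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j eth0_in
-A INPUT -j reject
-A FORWARD -i eth0 -j eth0_fwd
-A eth0_in -j dynamic
-A eth0_in -p icmp -j net2fw
-A eth0_in -j net2fw
-A net2fw -j net2all
-A net2all -j LOG --log-prefix "Shorewall:net2all:DROP:"
COMMIT
EOF
}
sample_rules | chain_graph INPUT
```

On a live system the input would come from `iptables-save` run as root, and the output can be rendered with Graphviz `dot`.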