Shorewall users - Mar 2008 - Logwatch patch for shorewall.

It is necessary to make minor adjustments to the 
logwatch scripts, to get logwatch to report 
the shorewall log entries. 

Searching the net, I could not find anybody that 
had repored successful marriage of those two. 

I hope this will help finding solutions when 
using shorewall. 
The patch is in the attached file, but in case the 
attachment does not get through, here it is - with 
all those long lines bent and broken: 

--- iptables.dist       2008-03-29 00:39:00.000000000 +0000
+++ iptables    2008-03-29 00:48:21.000000000 +0000
@@ -121,7 +121,7 @@
       $ipt2{$actionType}{$if}{$toport}{$proto}{$fromip}{$toip}{"$chain,
$if"}++;
    }
    # IPTABLES
-   elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest) = ($ThisLine
=~ /^(.*?)\s*IN=(\w*).*?OUT=(\w*).*?SRC=([\w\.:]+).*?DST=([\w
\.:]+).*?PROTO=(\w+)(.*)/ )) {
+   elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest) = ($ThisLine
=~ /^.*?Shorewall:(.*?):\s*IN=(\w*).*?OUT=(\w*).*?SRC=([\w
\.:]+).*?DST=([\w\.:]+).*?PROTO=(\w+)(.*)/ )) {

       # get a destination port number  (or icmp type) if there is one
       if (! ( ($toport) = ( $rest =~ /TYPE=(\w+)/ ) ) ) {


-- 
Kindest Regards, Anna Jonna Ármannsdóttir,       %&   A: Because people read
from top to bottom.
Unix System Aministration, Computing Services,   %&   Q: Why is top posting
bad?
University of Iceland.


-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace

Anna Jonna Armannsdottir wrote:
> It is necessary to make minor adjustments to the 
> logwatch scripts, to get logwatch to report 
> the shorewall log entries. 
> 
> Searching the net, I could not find anybody that 
> had repored successful marriage of those two. 
> 
> I hope this will help finding solutions when 
> using shorewall. 
> The patch is in the attached file, 
Thanks, Anna.

I''ve made the patch available at:

http://www.shorewall.net/pub/shorewall/contrib/logwatch/
ftp://www.shorewall.net/pub/shorewall/contrib/logwatch/

Note that the patch may not be necessary if you set LOGPREFIX=" " in 
/etc/shorewall/shorewall.conf.

Some time ago, I used logwatch and I don''t recall having to patch the 
iptables script. I guess logwatch has been "improved" since then :-)

Thanks again,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace