Hello list, according to: sourceforge.net/mailarchive/forum.php?thread_name=450EB7580E6AE7469F8826BFBF09BAB60889EC@earwax.uent.com&forum_name=shorewall-users i tried to setup the logging in shorewall to find out where my packages are hiding because i have almost the same problem. But i cannot get the logging working. I am trying to set it up with ulogd, but i dont get right and didnt get it right with syslog too. What am i missing? Here are the revelant config parts i hope: shorewall.conf VERBOSITY=2 LOGFILE=/var/log/shorewall.log LOGFORMAT="Shorewall:%s:%s:" LOGTAGONLY=No LOGRATE LOGBURST LOGALLNEW BLACKLIST_LOGLEVEL MACLIST_LOG_LEVEL=7 TCP_FLAGS_LOG_LEVEL=7 RFC1918_LOG_LEVEL=7 SMURF_LOG_LEVEL=7 And some examples from policy and rules int $FW DROP $LOG int ext ACCEPT $LOG ---- SSH/ACCEPT:ULOG ext $FW SSH/ACCEPT:ULOG $FW ext But the log file is empty, no matter what i try. As ist /var/log/syslog or /var/log/messages (ok, they are not empty, but iptables or shorewall messages are not to find). Greetings Sven ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! p.sf.net/sfu/devconf
On Tue, Sep 22, 2009 at 06:16:35PM +0200, Sven Richter wrote:> > I am trying to set it up with ulogd, but i dont get right and didnt > get it right with syslog too. > What am i missing?If all you want is for all the packets to be logged, then the default shorewall.conf settings, along with specifying a log level in /etc/shorewall/policy will do the trick. For example, to log all traffic, set the log level for every entry in /etc/shorewall/policy to the "info" level. Regards, -Roberto -- Roberto C. Sánchez people.connexer.com/~roberto connexer.com ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! p.sf.net/sfu/devconf
Thank you very much, that worked. Greetings Sven On Tue, Sep 22, 2009 at 9:26 PM, Roberto C. Sánchez <roberto@connexer.com> wrote:> On Tue, Sep 22, 2009 at 06:16:35PM +0200, Sven Richter wrote: >> >> I am trying to set it up with ulogd, but i dont get right and didnt >> get it right with syslog too. >> What am i missing? > > If all you want is for all the packets to be logged, then the default > shorewall.conf settings, along with specifying a log level in > /etc/shorewall/policy will do the trick. For example, to log all > traffic, set the log level for every entry in /etc/shorewall/policy to > the "info" level. > > Regards, > > -Roberto > -- > Roberto C. Sánchez > people.connexer.com/~roberto > connexer.com > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkq5JOIACgkQ5SXWIKfIlGQchwCgsbYVzmT8K9OBchgfOUdMwc2o > AuAAn3qYF2bNwvpTxBmS3RBN7EUIcHr6 > =n8Vs > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry® Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9-12, 2009. Register now! > p.sf.net/sfu/devconf > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! p.sf.net/sfu/devconf