Dear all,

I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files.

Three questions:
- What am I doing wrong? I just use LOG=NFLOG in the params file.
- Can I use NFLOG for shorewall too?
- Do I need ulogd when setting the NFLOG target?

Thanks in advance!
Erwin

Erwin Van de Velde wrote:
> Dear all,
>
> I have configured both shorewall and shorewall6 on my firewall. Shorewall is
> using ULOG as logging target and since that did not seem to work I tried using
> NFLOG in shorewall6. However, nothing is logged in the /var/log files.
>
> Three questions:
> - What am I doing wrong? I just use LOG=NFLOG in the params file.

That, by itself, does absolutely nothing. You also need to specify $LOG, everywhere you want logging. When you think something should have been logged, check 'shorewall6 show | grep NFLOG'; you should see packet counts > 0. If you do not, then no traffic is hitting your logging rules.

> - Can I use NFLOG for shorewall too?

Yes.

> - Do I need ulogd when setting the NFLOG target?

Yes.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

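The counter check suggested in the reply above, as an added example that is not part of the original thread: it totals the packet counters on NFLOG/ULOG rules per chain and separates "no traffic reached a logging rule" from "rules matched, so look at ulogd". The function names are hypothetical, the sample listing is constructed, and the listing is assumed to follow the `ip6tables -L -n -v` layout.

```python
import re

# Constructed sample in `ip6tables -L -n -v` layout; chains and counters are made up.
SAMPLE = """\
Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
  134K   11M NFLOG      all      *      *       ::/0                 ::/0                 nflog-prefix "Shorewall:net2fw:DROP:"
  134K   11M DROP       all      *      *       ::/0                 ::/0

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 NFLOG      tcp      *      *       ::/0                 ::/0                 tcp dpt:25 nflog-prefix "Shorewall:loc2net:REJECT:"
   42  3360 ACCEPT     all      *      *       ::/0                 ::/0
"""

# iptables abbreviates large counters with decimal suffixes unless -x is given.
SUFFIX = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}
CHAIN = re.compile(r"^Chain (\S+) \(")
RULE = re.compile(r"^\s*(\d+)([KMGT]?)\s+\d+[KMGT]?\s+(\S+)")
LOG_TARGETS = {"NFLOG", "ULOG"}

def log_rule_hits(listing):
    """Return {chain: packets matched by its NFLOG/ULOG rules}."""
    hits, chain = {}, None
    for line in listing.splitlines():
        m = CHAIN.match(line)
        if m:
            chain = m.group(1)
            continue
        m = RULE.match(line)  # header lines start with "pkts" and do not match
        if m and chain and m.group(3) in LOG_TARGETS:
            hits[chain] = hits.get(chain, 0) + int(m.group(1)) * SUFFIX[m.group(2)]
    return hits

def diagnose(listing):
    """Zero counters mean no traffic reached a logging rule."""
    hits = log_rule_hits(listing)
    if not hits:
        return "no logging rules in the ruleset"
    if not any(hits.values()):
        return "logging rules present but never matched"
    return "logging rules matched; if the log is empty, look at the log daemon"

if __name__ == "__main__":
    print(log_rule_hits(SAMPLE))
    print(diagnose(SAMPLE))
```
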
Dear all,

On Wednesday 24 February 2010, Tom Eastep wrote:
> > - What am I doing wrong? I just use LOG=NFLOG in the params file.
>
> That, by itself, does absolutely nothing. You also need to specify $LOG,
> everywhere you want logging. When you think something should have been
> logged, check 'shorewall6 show | grep NFLOG'; you should see packet
> counts > 0. If you do not, then no traffic is hitting your logging rules.

Ow sorry, perhaps it was not clear, I did not only specify LOG in the params file, but I also use it in policy and rules file (which are in fact the same as for the ipv4 firewall). I do see counts > 0, but the logs do contain only IPv4 and no IPv6 traffic. Do I have to configure something for ulog to log IPv6 traffic?

Best regards,
Erwin

Erwin Van de Velde wrote:
> Dear all,
>
> On Wednesday 24 February 2010, Tom Eastep wrote:
>>> - What am I doing wrong? I just use LOG=NFLOG in the params file.
>> That, by itself, does absolutely nothing. You also need to specify $LOG,
>> everywhere you want logging. When you think something should have been
>> logged, check 'shorewall6 show | grep NFLOG'; you should see packet
>> counts > 0. If you do not, then no traffic is hitting your logging rules.
>
> Ow sorry, perhaps it was not clear, I did not only specify LOG in the params
> file, but I also use it in policy and rules file (which are in fact the same as
> for the ipv4 firewall). I do see counts > 0, but the logs do contain only IPv4
> and no IPv6 traffic. Do I have to configure something for ulog to log IPv6 traffic?

I don't know -- you can read the docs as well as I can.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________