
[alpine-devel] Shorewall Logs

Steve Fink
Message ID
<13998206.4986.1294065432281.JavaMail.root@zimbra.netvantix.net>
Sender timestamp
1294065432
DKIM signature
missing
Where are the Shorewall logs stored? 


The Start/Stop/Restart info is written to /var/log/messages but I'm looking for the dropped packets and such. 



I've gone through the mailing list archives and cannot find any info. 


I've done some digging and see that this version of syslogd does not look at the syslog.conf. I'm assuming that because they're kernel messages they're being handled by klogd but can't find where they're being written to.


Thanks, 


Steve
Steve Fink
Message ID
<23923891.5000.1294070707938.JavaMail.root@zimbra.netvantix.net>
In-Reply-To
<4D21E89E.3000507@freemail.gr>
Sender timestamp
1294070707
DKIM signature
missing
Thanks for the replies. 


I had guessed that everything was going to /var/log/messages but wasn't sure. 


I looked through all of the log options in shorewall.conf and they all looked correct so I kept digging. 


The file /etc/shorewall/policy is where the DROP policy is defined, and I had failed to add the log level of "info".


Thanks again for your help! 


Best, 


Steve 




----- Original Message ----- 
From: "Harry Lachanas" <grharry@freemail.gr> 
To: "Steve Fink" <sfink@netvantix.com> 
Cc: "Alpine-Devel" <alpine-devel@lists.alpinelinux.org> 
Sent: Monday, January 3, 2011 8:17:50 AM 
Subject: Re: [alpine-devel] Shorewall Logs 

On 01/03/2011 04:37 PM, Steve Fink wrote: 
> Where are the Shorewall logs stored? 
> 
In alpine they are sent to /var/log/messages 
> The Start/Stop/Restart info is written to /var/log/messages but I'm 
> looking for the dropped packets and such. 
> 
Do you have any dropped packets and enabled log in shorewall conf ?? 
> I've gone through the mailing list archives and cannot find any info. 
> 
> I've done some digging and see that this version of syslogd does not 
> look at the syslog.conf. I'm assuming that because they're kernel
> messages they're being handled by klogd but can't find where they're 
> being written to. 
> 
In order to log to /var/log/shorewall.log you have to load and configure ulogd.
The documentation is on the Shorewall site.
Cheers
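
The cause found above (a DROP policy in /etc/shorewall/policy with no log level) can be checked for mechanically. The script below is an added example, not part of the thread; it assumes the policy file's column order is SOURCE DEST POLICY LOGLEVEL and that "-" marks an empty column, and it runs against a constructed sample policy.

```shell
#!/bin/sh
# Added example (not from the thread): list Shorewall policy entries that
# DROP or REJECT traffic but carry no log level, so nothing reaches syslog.
# Assumed column order: SOURCE DEST POLICY LOGLEVEL; "-" means "empty column".

unlogged_policies() {
    # $1 = path to a policy file (normally /etc/shorewall/policy)
    awk '
        { sub(/#.*/, "") }                 # drop comments
        NF < 3 { next }                    # skip blank or incomplete lines
        {
            policy = $3
            sub(/:.*/, "", policy)         # ignore any ":suffix" on the policy
            if (policy != "DROP" && policy != "REJECT") next
            if (NF < 4 || $4 == "-")       # LOGLEVEL column missing or empty
                printf "line %d: %s -> %s %s has no log level\n", FNR, $1, $2, policy
        }
    ' "$1"
}

# Constructed sample policy: the net->all DROP entry lacks a log level.
sample_policy() {
    cat <<'EOF'
#SOURCE  DEST  POLICY  LOGLEVEL
$FW      net   ACCEPT
loc      net   ACCEPT
net      all   DROP
all      all   REJECT  info
EOF
}

# Write the sample to a temp file and audit it.
demo() {
    tmp=$(mktemp) || return 1
    sample_policy > "$tmp"
    unlogged_policies "$tmp"
    rm -f "$tmp"
}

demo
```

On a real system, run `unlogged_policies /etc/shorewall/policy`; any line it prints is a policy whose dropped or rejected packets will not show up in /var/log/messages.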
Leonardo Arena
Message ID
<AANLkTinEjkie0LWkT5kJPfEUzBifZ+pXdvPTKcQRR-aZ@mail.gmail.com>
In-Reply-To
<13998206.4986.1294065432281.JavaMail.root@zimbra.netvantix.net>
Sender timestamp
1294067100
DKIM signature
missing
On Mon, Jan 3, 2011 at 3:37 PM, Steve Fink <sfink@netvantix.com> wrote:
> Where are the Shorewall logs stored?
> The Start/Stop/Restart info is written to /var/log/messages but I'm looking
> for the dropped packets and such.
>
> I've gone through the mailing list archives and cannot find any info.
> I've done some digging and see that this version of syslogd does not look at
> the syslog.conf. I'm assuming that because they're kernel messages they're
> being handled by klogd but can't find where they're being written to.
> Thanks,
> Steve

Busybox syslog writes everything in /var/log/messages. It does not
support separated logfiles by facility.
So, your firewall logs should be there, provided that you have enabled
logging of dropped/rejected packets in shorewall.

Regards,

- leonardo


Harry Lachanas
Message ID
<4D21E89E.3000507@freemail.gr>
In-Reply-To
<13998206.4986.1294065432281.JavaMail.root@zimbra.netvantix.net>
Sender timestamp
1294067870
DKIM signature
missing
  On 01/03/2011 04:37 PM, Steve Fink wrote:
> Where are the Shorewall logs stored?
>
In alpine they are sent to /var/log/messages
> The Start/Stop/Restart info is written to /var/log/messages but I'm 
> looking for the dropped packets and such.
>
Do you have any dropped packets and enabled log in shorewall conf ??
> I've gone through the mailing list archives and cannot find any info.
>
> I've done some digging and see that this version of syslogd does not 
> look at the syslog.conf. I'm assuming that because they're kernel
> messages they're being handled by klogd but can't find where they're 
> being written to.
>
In order to log to /var/log/shorewall.log you have to load and configure ulogd.
The documentation is on the Shorewall site.
Cheers