Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Paul Gear
Mekabe Ramein wrote:
> Hi,
>
> My Shorewall was working fine without any problems. I was managing it
> through the webmin module.
> I was not receiving any unwanted logs.
> Then I just wanted to see the logging feature and enabled some logs from the
> webmin shorewall module. (debug level)
> Now I am receiving a lot of logs all in kern.log, debug and syslog files.
> Also my dmesg output is full of shorewall logs.
>
> I want to get rid of them. How can I disable all logging facility of
> Shorewall ?
>
> Btw, I disable what I activated from the webmin module and now it is
> disabled on the GUI.

Which part did you enable logging on?  If the policies or the rules
file, use the appropriate webmin button to edit the config file
manually.  In the policies file the log level is the 4th field.  Delete
it on each non-comment line where it occurs.  In the rules file it is
after the action preceded by a colon, e.g. REJECT:debug.  Delete the
colon and the log level.

Paul


-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users


Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Mekabe Ramein
I had enabled it on policies and I've checked the policies file but there is
no log or LOG in it.
Also in the rules file there is no log or LOG

Here are the files that include log or LOG:

router:~# grep log /etc/shorewall/*
/etc/shorewall/shorewall.conf:LOGFILE=/var/log/shorewall
/etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
/etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug

router:~# grep LOG /etc/shorewall/*
/etc/shorewall/shorewall.conf:LOGFILE=/var/log/shorewall
/etc/shorewall/shorewall.conf:LOGFORMAT=Shorewall:%s:%s:
/etc/shorewall/shorewall.conf:LOGTAGONLY=No
/etc/shorewall/shorewall.conf:LOGRATE=
/etc/shorewall/shorewall.conf:LOGBURST=
/etc/shorewall/shorewall.conf:LOGALLNEW=
/etc/shorewall/shorewall.conf:BLACKLIST_LOGLEVEL=
/etc/shorewall/shorewall.conf:MACLIST_LOG_LEVEL=$LOG
/etc/shorewall/shorewall.conf:TCP_FLAGS_LOG_LEVEL=$LOG
/etc/shorewall/shorewall.conf:RFC1918_LOG_LEVEL=$LOG
/etc/shorewall/shorewall.conf:SMURF_LOG_LEVEL=$LOG
/etc/shorewall/shorewall.conf:LOG_MARTIANS=No
/etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
/etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug




Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Tom Eastep

Mekabe Ramein wrote:

> I had enabled it on policies and I've checked the policies file but there is
> no log or LOG in it.


Of course there isn't.

Webmin provides an interface that allows you to point and click rather than 
use a text editor. It does not do your thinking and learning for you.


If you want to know how the policy file works, at a shell prompt type man 
policy or go to http://www.shorewall.net/manpages/shorewall-policy.html and 
read. There you will find that the LOG LEVEL column contains a syslog level. 
Don't know what a syslog level is? Then start by reading 
http://www1.shorewall.net/shorewall_logging.html. You will also learn there 
that Shorewall itself does almost no logging and that the log messages that 
you are seeing are generated by Netfilter and are routed to the various log 
destinations by syslog (or syslog-ng).


Finally, I advise against disabling logging completely. The sample 
configurations described at 
http://www.shorewall.net/shorewall_quickstart_guide.htm provide sensible 
default settings.


-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key





Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Simon Hobson
Mekabe Ramein wrote:
> I had enabled it on policies and I've checked the policies file but
> there is no log or LOG in it.
> Also in the rules file there is no log or LOG

I suggest you re-read the previous message - you are NOT looking for
'log' in any file. You might try grep -i debug /etc/shorewall/*,
and as well as debug you might look for the other levels which are :
   info, notice, warning, err, crit, alert, and emerg

>> Which part did you enable logging on?  If the policies or the rules
>> file, use the appropriate webmin button to edit the config file
>> manually.  In the policies file the log level is the 4th field.  Delete
>> it on each non-comment line where it occurs.  In the rules file it is
>> after the action preceded by a colon, e.g. REJECT:debug.  Delete the
>> colon and the log level.

You might also check in shorewall.conf and check the setting for 
VERBOSITY, BLACKLIST_LOGLEVEL, MACLIST_LOG_LEVEL, 
TCP_FLAGS_LOG_LEVEL, RFC1918_LOG_LEVEL, SMURF_LOG_LEVEL, 
LOG_MARTIANS. With the exception of VERBOSITY, all of this list 
should be spat out by grep LOG /etc/shorewall.conf.



Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Mekabe Ramein
Hi Tom & Simon,

Thanks for your emails and all the information you just sent.
I will read the docs you've supplied, but just a quick reply:

I understand what you both tell me. But then I don't understand why I am
receiving all those logs as though my policy file is only:
wan lan ACCEPT
lan wan ACCEPT
fire wan ACCEPT
fire lan ACCEPT
wan fire REJECT
lan fire ACCEPT

And here is all results for the loglevel keywords.

Btw, I am familiar with logging and loglevels. Also, I know how syslog acts,
but I am not sure why all these are logged at all and why they are logged to
dmesg at the same time.

Any quick ideas would be helpful.

Thanks


Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Mekabe Ramein
Sorry I forgot to paste my grep loglevel output. Here it is:

router:~# grep -i debug /etc/shorewall/*
/etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
/etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
router:~# grep -i info /etc/shorewall/*
/etc/shorewall/shorewall.conf:#  For information about the settings in this file, type man shorewall.conf
/etc/shorewall/shorewall.conf:#  Additional information is available at
router:~# grep -i notice /etc/shorewall/*
router:~# grep -i warn /etc/shorewall/*
router:~# grep -i err /etc/shorewall/*
router:~# grep -i crit /etc/shorewall/*
router:~# grep -i alert /etc/shorewall/*
router:~# grep -i emer /etc/shorewall/*
router:~#

I don't know why I have those debug keywords in the file named start.
Any idea ?

And here is the LOG related shorewall.conf items:

LOGFILE=/var/log/shorewall
LOGFORMAT=Shorewall:%s:%s:
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=$LOG
TCP_FLAGS_LOG_LEVEL=$LOG
RFC1918_LOG_LEVEL=$LOG
SMURF_LOG_LEVEL=$LOG
LOG_MARTIANS=No
VERBOSITY=1



Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Tom Eastep
Mekabe Ramein wrote:
> Hi Tom & Simon,
>
> Thanks for your emails and all the information you just sent.
> I will read the docs you've supplied, but just a quick reply:
>
> I understand what you both tell me. But then I don't understand why I am
> receiving all those logs as though my policy file is only:
> wan lan ACCEPT

That is a very foolish policy. I hope you don't expect this firewall to
actually stop anything.

> lan wan ACCEPT
> fire wan ACCEPT
> fire lan ACCEPT
> wan fire REJECT
> lan fire ACCEPT
>
> And here is all results for the loglevel keywords.
>
> Btw, I am familiar with logging and loglevels. Also, I know how syslog
> acts, but I am not sure why all these are logged at all and why they are
> logged to dmesg at the same time.

A) If you would show us one of these messages rather than complain about
them, we might be able to help you. Shorewall FAQ 17 might also be helpful.

B) dmesg is just a user-space tool that dumps out the contents of the
Kernel's logging ring buffer. That is where ALL MESSAGES THAT ARE LOGGED
BY THE KERNEL COME FROM. The klogd daemon also reads the ring buffer and
forwards what it finds to syslog. So any kernel message that is logged
by syslog is also available to dmesg. And they will continue to be
visible to dmesg until they are overwritten by other log messages
(unless you use the -c option). So make sure that new messages are
actually being created and that you aren't just seeing messages that
were created much earlier.

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key





Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Tom Eastep
Mekabe Ramein wrote:
> Sorry I forgot to paste my grep loglevel output. Here it is:
>
> router:~# grep -i debug /etc/shorewall/*
> /etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
> /etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
> /etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
> /etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug

Those are in your own /etc/shorewall/start file!!! *You* are putting
them there, not Shorewall.

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key





Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Mekabe Ramein
On 5/4/08, Tom Eastep [EMAIL PROTECTED] wrote:

> That is a very foolish policy. I hope you don't expect this firewall to
> actually stop anything.
>
>> lan wan ACCEPT
>> fire wan ACCEPT
>> fire lan ACCEPT
>> wan fire REJECT
>> lan fire ACCEPT

My LAN subnet is not reachable directly because it is not routed. I am using
NAT on my WAN interface.
And, this is just or beginning. I might think of hardening the rules when
everything is working fine.

> A) If you would show us one of these messages rather than complain about
> them, we might be able to help you. Shorewall FAQ 17 might also be
> helpful.

Some examples:
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42547 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15904 RES=0x00 ACK PSH URGP=0
BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37603 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=42548 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15852 RES=0x00 ACK URGP=0
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42549 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15852 RES=0x00 ACK PSH URGP=0
BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37604 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=42550 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15800 RES=0x00 ACK URGP=0
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42551 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15800 RES=0x00 ACK PSH URGP=0
BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37605 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0

> B) dmesg is just a user-space tool that dumps out the contents of the
> Kernel's logging ring buffer. That is where ALL MESSAGES THAT ARE LOGGED
> BY THE KERNEL COME FROM. The klogd daemon also reads the ring buffer and
> forwards what it finds to syslog. So any kernel message that is logged
> by syslog is also available to dmesg. And they will continue to be
> visible to dmesg until they are overwritten by other log messages
> (unless you use the -c option). So make sure that new messages are
> actually being created and that you aren't just seeing messages that
> were created much earlier.

New messages are being created every second. I am sure because I also watch
them by tail -f /var/log/messages


Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Mekabe Ramein
On 5/4/08, Tom Eastep [EMAIL PROTECTED] wrote:

> Mekabe Ramein wrote:
>> Sorry I forgot to paste my grep loglevel output. Here it is:
>>
>> router:~# grep -i debug /etc/shorewall/*
>> /etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
>> /etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
>> /etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
>> /etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
>
> Those are in your own /etc/shorewall/start file!!! *You* are putting
> them there, not Shorewall.


Well, I didn't write that start file. I just used the webmin module. How
can I remove them ?


Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Tom Eastep

Mekabe Ramein wrote:

> On 5/4/08, Tom Eastep [EMAIL PROTECTED] wrote:
>
>> That is a very foolish policy. I hope you don't expect this firewall to
>> actually stop anything.
>>
>>> lan wan ACCEPT
>>> fire wan ACCEPT
>>> fire lan ACCEPT
>>> wan fire REJECT
>>> lan fire ACCEPT
>
> My LAN subnet is not reachable directly because it is not routed. I am
> using NAT on my WAN interface.
> And, this is just or beginning. I might think of hardening the rules
> when everything is working fine.

If I were connected to the same IP network as your WAN interface, I
could get to every one of your LAN systems. They are COMPLETELY
ACCESSIBLE from within that network.

>> A) If you would show us one of these messages rather than complain about
>> them, we might be able to help you. Shorewall FAQ 17 might also be
>> helpful.
>
> Some examples:
> BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42547 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15904 RES=0x00 ACK PSH URGP=0
> BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37603 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0

Those are coming from the entries in your /etc/shorewall/start file.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
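
One way to confirm where messages like the ones quoted above come from, as an added example that is not part of the thread: Netfilter writes the rule's --log-prefix immediately before IN=, and Shorewall's own logging rules build that prefix from LOGFORMAT (Shorewall:%s:%s: in the poster's shorewall.conf), so any other prefix points to a rule added outside the Shorewall configuration. The function names, the syslog headers and the Shorewall:wan2fire:REJECT: line are constructed for illustration.

```sh
#!/bin/sh
# Added example: tally Netfilter log messages by their --log-prefix and say
# whether each prefix was produced by a Shorewall logging rule.

# Usage: classify_netfilter_log [literal start of LOGFORMAT] < logfile
# Prints "<count> <origin> <prefix>" for each distinct prefix.
classify_netfilter_log() {
    awk -v head="${1:-Shorewall:}" '
        {
            # The packet description starts at "IN=<iface> OUT=<iface>";
            # whatever precedes it ends with the log prefix of the rule.
            i = match($0, /IN=[^ ]* OUT=/)
            if (i == 0) next                 # not a Netfilter LOG line
            n = split(substr($0, 1, i - 1), tok, " ")
            # Assumption: the prefix has no spaces, so it is the last token
            # (this drops any syslog timestamp, host and "kernel:" tag).
            prefix = (n > 0) ? tok[n] : "(none)"
            count[prefix]++
        }
        END {
            for (p in count) {
                origin = (index(p, head) == 1) ? "shorewall" : "other"
                printf "%d %s %s\n", count[p], origin, p
            }
        }' | LC_ALL=C sort -k3
}

# Sample input: three messages from the thread (two given a constructed
# syslog header), one constructed Shorewall-format message, and one
# constructed kernel line that is not a packet log.
sample_log() {
    cat <<'EOF'
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42547 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15904 RES=0x00 ACK PSH URGP=0
May  4 21:10:01 router kernel: BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37603 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0
May  4 21:10:01 router kernel: BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=42548 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15852 RES=0x00 ACK URGP=0
May  4 21:10:02 router kernel: Shorewall:wan2fire:REJECT:IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
May  4 21:10:03 router kernel: eth0: link up
EOF
}

sample_log | classify_netfilter_log 'Shorewall:'
```

On a live system the input would be the output of dmesg or the file that syslog writes kernel messages to.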





Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Tom Eastep

Mekabe Ramein wrote:

> On 5/4/08, Tom Eastep [EMAIL PROTECTED] wrote:
>
>> Mekabe Ramein wrote:
>>> Sorry I forgot to paste my grep loglevel output. Here it is:
>>>
>>> router:~# grep -i debug /etc/shorewall/*
>>> /etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
>>> /etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
>>> /etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
>>> /etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
>>
>> Those are in your own /etc/shorewall/start file!!! *You* are putting
>> them there, not Shorewall.
>
> Well, I didn't write that start file. I just used the webmin module.

The /etc/shorewall/start file is for adding shell commands to be run at
the end of 'shorewall start' and 'shorewall restart'. I'm doubtful that
the Shorewall Webmin module does anything with that file but however
those rules got there, they didn't get there as a result of any standard
Shorewall configuration option.

> How can I remove them ?

Use a text editor. Or simply remove the file entirely.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
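
The checks suggested in this thread gathered into one script, as an added example that is not from the thread or from the Shorewall project: it reports the 4th-field log level in policy, ACTION:level entries in rules, the non-empty log-level settings in shorewall.conf, and raw -j LOG rules in any file of the directory, such as start. The function names and the sample files (the start and shorewall.conf entries come from the thread, the policy and rules lines with a log level are constructed) are assumptions for illustration.

```sh
#!/bin/sh
# Added example: list every place in a Shorewall configuration directory
# that can make Netfilter log packets.

audit_shorewall_logging() {
    dir=$1

    # policy: the log level is the 4th field of each non-comment line.
    if [ -f "$dir/policy" ]; then
        awk '{ sub(/#.*/, "") }
             NF >= 4 && $4 != "-" {
                 printf "policy:%d: %s->%s level=%s\n", NR, $1, $2, $4
             }' "$dir/policy"
    fi

    # rules: the level follows the action after a colon, e.g. REJECT:debug.
    if [ -f "$dir/rules" ]; then
        awk '{ sub(/#.*/, "") }
             NF && index($1, ":") {
                 split($1, a, ":")
                 printf "rules:%d: action=%s level=%s\n", NR, a[1], a[2]
             }' "$dir/rules"
    fi

    # shorewall.conf: *_LOG_LEVEL / *_LOGLEVEL settings that are not empty,
    # and LOG_MARTIANS when it is set to anything other than No.
    if [ -f "$dir/shorewall.conf" ]; then
        awk -F= '/^[ \t]*#/ { next }
                 ($1 ~ /LOG_?LEVEL$/ && $2 != "") ||
                 ($1 == "LOG_MARTIANS" && $2 != "" && tolower($2) != "no") {
                     printf "shorewall.conf:%d: %s\n", NR, $0
                 }' "$dir/shorewall.conf"
    fi

    # Any file (extension scripts such as start): raw iptables LOG/ULOG rules,
    # which none of the log-level settings above control.
    grep -nE -- '-j[[:space:]]+(LOG|ULOG)([[:space:]]|$)' "$dir"/* /dev/null \
        2>/dev/null | sed "s|^$dir/||"
}

# Build a throwaway configuration directory with sample files.
make_sample_config() {
    d=$(mktemp -d) || return 1
    cat > "$d/policy" <<'EOF'
#SOURCE DEST POLICY LOGLEVEL   (last line is constructed)
wan     lan  ACCEPT
lan     wan  ACCEPT
wan     fire REJECT
all     all  REJECT info
EOF
    cat > "$d/rules" <<'EOF'
#ACTION        SOURCE DEST PROTO DPORT   (constructed)
ACCEPT         lan    fire tcp   22
REJECT:debug   wan    fire tcp   23
EOF
    cat > "$d/shorewall.conf" <<'EOF'
LOGFILE=/var/log/shorewall
LOGFORMAT=Shorewall:%s:%s:
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=$LOG
SMURF_LOG_LEVEL=$LOG
LOG_MARTIANS=No
VERBOSITY=1
EOF
    cat > "$d/start" <<'EOF'
run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
EOF
    echo "$d"
}

sample=$(make_sample_config)
audit_shorewall_logging "$sample"
rm -rf "$sample"
```

A setting reported as $LOG is a shell variable reference, so the effective level depends on where LOG is assigned.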





Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Mekabe Ramein
On 5/4/08, Tom Eastep [EMAIL PROTECTED] wrote:

> If I were connected to the same IP network as your WAN interface, I could
> get to every one of your LAN systems. They are COMPLETELY ACCESSIBLE from
> within that network.

No. Because my wan Interface has an IP address assigned by the ISP with
255.255.255.255 mask and the internal network is not routed by the ISP.
Anyway, this is a matter of network and I am sure that there is no danger :)

> Those are coming from the entries in your /etc/shorewall/start file.

But what wrote them to the start file ?
How can I remove them ?


Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Mekabe Ramein
On 5/4/08, Tom Eastep [EMAIL PROTECTED] wrote:

> Use a text editor. Or simply remove the file entirely.

Ok. But why there is a start file if it's not created by Shorewall ?


Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Tom Eastep

Mekabe Ramein wrote:

> On 5/4/08, Tom Eastep [EMAIL PROTECTED] wrote:
>
>> Use a text editor. Or simply remove the file entirely.
>
> Ok. But why there is a start file if it's not created by Shorewall ?


Shorewall comes with an EMPTY start file:

#
# Shorewall version 4 - Start File
#
# /etc/shorewall/start
#
#   Add commands below that you want to be executed after shorewall has
#   been started or restarted.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall itself never writes to the file. So you or some piece of software 
that you installed put those entries there. Accept the fact and move on.


-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key





Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Mekabe Ramein
Ok. Thank you.
I just removed them and logs have stopped.
I think now I found the reason.
There is a module named Bandwidth Monitoring in Webmin. I had played with
that.
So it wrote the start file I guess. I will be more sure after I reboot.


Before this module can report on network usage on your system, it must be
set up to monitor traffic on the selected external network interface.
Several firewall rules must be added.

*Warning - this module will log ALL network traffic sent or received on the
selected interface. This will consume a large amount of disk space and CPU
time on a fast network connection.*


Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Mekabe Ramein
I've rebooted; and yes it is solved.
Thanks for all the help.

Now I just have one issue.
I want to change the destination of the logs to another file(if I activate
any logs). I don't want to use the syslog and kern.log files.

In fact, I have the following line in my shorewall.conf file, but this file
is never created.
How can I activate this ?

I've read the logging documentation that you've sent but I am not sure how
to proceed ?
Now, my system has klogd and syslogd. Do I have to install ulog for
redirecting the log output to another file ?


Re: [Shorewall-users] various logs activated - how to disable

2008-05-04 Thread Tom Eastep

Mekabe Ramein wrote:

> I've rebooted; and yes it is solved.
> Thanks for all the help.
>
> Now I just have one issue.
> I want to change the destination of the logs to another file(if I activate
> any logs). I don't want to use the syslog and kern.log files.
>
> In fact, I have the following line in my shorewall.conf file, but this file
> is never created.
> How can I activate this ?

From man shorewall.conf:

LOGFILE=[pathname]
    This parameter tells the /sbin/shorewall program where to look for
    Shorewall messages when processing the dump, logwatch, show log, and
    hits commands.

Notice that it does NOT say that LOGFILE directs where the log goes.

> I've read the logging documentation that you've sent but I am not sure how
> to proceed ?
> Now, my system has klogd and syslogd. Do I have to install ulog for
> redirecting the log output to another file ?


Either that (and use ULOG in your shorewall configuration files) or install 
syslog-ng.


One more time -- it is the kernel that creates the log messages, not 
Shorewall. Shorewall can direct the kernel to log through syslog (syslog-ng) 
or through ulogd; those are the only two choices. Where the messages are 
written to is determined by syslog (syslog-ng) or ulogd -- NOT Shorewall.


-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


