> These will have to wait for Beta 2 -- at that point NFLOG() should work
> as you expect and you can specify 'DROP:C_MACRO(info)' if you want to
> make simple 'LOG' rules log at the 'info' level.
Noted.
> Rules in the ALL section come after the blacklist and the
> interface-option checks.
What I thought initially.
> When I want this type of logging, though, I use the 'iptrace' shorewall
> command. This not only logs each packet but traces it through the
> Netfilter chains.
My situation is different - I must log these packets to 3 different
destinations for different reasons - I'd use the "normal" log facility simply
to avoid some nasty NFLOG bugs and as a sort of emergency backup when
everything else is screwed, will use NFLOG (class 1) for my main logging tool
as this goes across to a different site where all other logs are stored too,
will use a 3rd NFLOG statement to capture packet payloads if/when needed and
there will be a 4th, optional, log destination using the AUDIT target to be in
sync if/when I get SELinux-related alerts so that I don't spend my time looking
through various sources to find out what I am after.
> Copy the two attached files into ${SHAREDIR}/shorewall. The new target
> is 'Audit' and accepts one optional parameter (the audit type).
It works. You may change the "ERROR: Invalid AUDIT type (XXXXX)" message to
indicate what type of audit is acceptable (accept|reject|drop), but that's a
minor thing. Also, personally, I'd prefer this to be "AUDIT" instead of "Audit"
for consistency with LOG/NFLOG, but these are semantics really.
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel