Hi,

Tom Eastep wrote:
> Works fine here, but the Shorewall documentation is out of date. Rather
> than logging to kern.warning, the TRACE records are now logged to ulogd:
> 
> [...]
> 
> I'll update the documentation.

This is configurable. To see the current active logger,

# sysctl net.netfilter.nf_log.2
net.netfilter.nf_log.2 = ipt_ULOG

To see a list of all available loggers,

# cat /proc/net/netfilter/nf_log
 0 NONE (nfnetlink_log)
 1 NONE (nfnetlink_log)
 2 ipt_ULOG (nfnetlink_log,ipt_ULOG,ipt_LOG)
 3 NONE (nfnetlink_log)
 4 NONE (nfnetlink_log)
 5 NONE (nfnetlink_log)
 6 NONE (nfnetlink_log)
 7 NONE (nfnetlink_log)
 8 NONE (nfnetlink_log)
 9 NONE (nfnetlink_log)
10 ip6t_LOG (nfnetlink_log,ip6t_LOG)
11 NONE (nfnetlink_log)
12 NONE (nfnetlink_log)

Now if you want to log to syslog, set "net.netfilter.nf_log.2" to "ipt_LOG"

# sysctl net.netfilter.nf_log.2=ipt_LOG

...now, TRACE would log to syslog.

For people who may ask about the magic numbers (why 2, why 10, why not 7...):
these are the address type numbers, see
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/socket.h



Maybe we can add this to Shorewall's configuration, like we can specify other
logging options in shorewall.conf?

What do you and others think?


-Thomas
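
A pre-check for the sysctl change described in the message above, as an added example that is not part of the original message: it parses text in the /proc/net/netfilter/nf_log format and reports whether a wanted logger is already active, only available, or not available for a family. The function names and return codes are illustrative assumptions; the sample input is copied from the listing in the message.

```shell
#!/bin/sh
# Added example, not from the original message.
# Sample in /proc/net/netfilter/nf_log format, copied from the listing above.
NF_LOG_SAMPLE=' 0 NONE (nfnetlink_log)
 2 ipt_ULOG (nfnetlink_log,ipt_ULOG,ipt_LOG)
10 ip6t_LOG (nfnetlink_log,ip6t_LOG)'

# Turn each "NN active (a,b,c)" line into "NN active a,b,c".
nf_log_parse() {
    sed -n 's/^ *\([0-9][0-9]*\) \([^ ]*\) (\(.*\))$/\1 \2 \3/p'
}

# check_logger FAMILY WANTED  (nf_log text on stdin; hypothetical helper)
# Return codes: 0 WANTED is active, 1 available but not active (prints the
# sysctl command that would select it), 2 not available, 3 family not listed.
check_logger() {
    _family=$1
    _wanted=$2
    _parsed=$(nf_log_parse)
    while read -r _fam _active _avail; do
        [ "$_fam" = "$_family" ] || continue
        if [ "$_active" = "$_wanted" ]; then
            echo "family $_family: $_wanted is active"
            return 0
        fi
        case ",$_avail," in
            *",$_wanted,"*)
                echo "sysctl net.netfilter.nf_log.$_family=$_wanted"
                return 1 ;;
        esac
        echo "family $_family: $_wanted not available (have: $_avail)"
        return 2
    done <<EOF
$_parsed
EOF
    echo "family $_family: not listed"
    return 3
}

# Demo on the sample; on a live host use:
#   check_logger 2 ipt_LOG < /proc/net/netfilter/nf_log
printf '%s\n' "$NF_LOG_SAMPLE" | check_logger 2 ipt_LOG || true
```

Return code 1 means TRACE records for that family are currently going to a different logger than the one wanted, and the printed command is the one that would switch it.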



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
