Hi,

On 25/09/14 03:27, Thomas D. wrote:
> This is configurable. To see the current active logger,
>
> # sysctl net.netfilter.nf_log.2
> net.netfilter.nf_log.2 = ipt_ULOG

Hmm, I appear to be using nfnetlink_log currently:

root@antares-a:/etc/shorewall# sysctl net.netfilter.nf_log.2
net.netfilter.nf_log.2 = nfnetlink_log

Although the iptables LOG target still ends up in /var/log/kernel.log:

Sep 25 14:02:59 antares-a kernel: [3547392.348520] Shwll:logflags:DROP:IN=vlan20 OUT=vlan22 MAC=00:60:dd:45:81:26:a8:88:08:cd:9d:ae:08:00:45:00:00:40 SRC=10.20.252.234 DST=74.125.237.222 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=31278 DF PROTO=TCP SPT=51137 DPT=443 WINDOW=65535 RES=0x00 SYN FIN URGP=0

root@antares-a:/etc/shorewall# iptables -nvL|grep LOG
 2323  135K LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 4 level 6 prefix "Shwll:logflags:DROP:"
  270 18098 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix "Shwll:sfilter:DROP:"
root@antares-a:/etc/shorewall# lsmod|grep LOG
ipt_LOG                12605  2
x_tables               19118  20 xt_TRACE,ip_tables,iptable_filter,xt_conntrack,xt_multiport,iptable_raw,xt_CT,xt_tcpudp,iptable_mangle,xt_mark,xt_addrtype,ipt_REJECT,xt_dscp,iptable_nat,xt_comment,xt_time,xt_iprange,xt_recent,xt_mac,ipt_LOG

> Now if you want to log to syslog, set "net.netfilter.nf_log.2" to "ipt_LOG"
>
> # sysctl net.netfilter.nf_log.2=ipt_LOG
>
> ...now, TRACE would log to syslog.

Cool, I've done this and now I can see my beloved TRACE logs again:

Sep 25 15:15:19 antares-a kernel: [3551732.698543] TRACE: mangle:POSTROUTING:policy:2 IN= OUT=vlan10 SRC=10.22.0.11 DST=10.10.20.21 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=16677 PROTO=ICMP TYPE=0 CODE=0 ID=17264 SEQ=1

> Maybe we can add this to shorewall's configuration like can specify other
> logging options in shorewall.conf?
>
> What do you and others think?

It's a good idea, or at least documentation on the fact that various options exist and the default has changed.

Thanks,

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757 Mob.
0424 160 877
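An added example, not part of the original message or of Shorewall: a small Python parser for the netfilter LOG and TRACE kernel lines quoted in the thread, for use once `net.netfilter.nf_log.2` is set to `ipt_LOG` and TRACE output lands in syslog. The function names are assumptions chosen for illustration, and the sample input is the two log lines from the message.

```python
import re

# The two kernel log lines quoted in the message above, reused as sample input.
SAMPLE = [
    "Sep 25 14:02:59 antares-a kernel: [3547392.348520] Shwll:logflags:DROP:"
    "IN=vlan20 OUT=vlan22 MAC=00:60:dd:45:81:26:a8:88:08:cd:9d:ae:08:00:45:00:00:40 "
    "SRC=10.20.252.234 DST=74.125.237.222 LEN=64 TOS=0x00 PREC=0x00 TTL=63 "
    "ID=31278 DF PROTO=TCP SPT=51137 DPT=443 WINDOW=65535 RES=0x00 SYN FIN URGP=0",
    "Sep 25 15:15:19 antares-a kernel: [3551732.698543] TRACE: "
    "mangle:POSTROUTING:policy:2 IN= OUT=vlan10 SRC=10.22.0.11 DST=10.10.20.21 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=16677 PROTO=ICMP TYPE=0 CODE=0 "
    "ID=17264 SEQ=1",
]

KERNEL_RE = re.compile(r"kernel: \[\s*\d+\.\d+\] (?P<body>.*)$")
# TRACE prefix layout: "TRACE: table:chain:type:rulenum", type = rule|return|policy
TRACE_RE = re.compile(r"^TRACE: (?P<table>\w+):(?P<chain>[^:\s]+):"
                      r"(?P<kind>rule|return|policy):(?P<rulenum>\d+)\s*$")

def parse_netfilter_line(line):
    """Return a dict for one LOG/TRACE kernel line, or None if it is not one."""
    m = KERNEL_RE.search(line)
    if not m or "IN=" not in m.group("body"):
        return None
    body = m.group("body")
    cut = body.index("IN=")          # packet fields always start with IN=
    prefix, rest = body[:cut], body[cut:]
    rec = {"prefix": prefix.strip(), "trace": None, "fields": {}, "flags": set()}
    t = TRACE_RE.match(prefix)
    if t:
        rec["trace"] = dict(t.groupdict(), rulenum=int(t.group("rulenum")))
    for tok in rest.split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].add(tok)    # bare tokens: DF, SYN, FIN, ...
        else:
            # keep the first value: ICMP lines repeat ID= (IP ID, then ICMP ID)
            rec["fields"].setdefault(key, val)
    return rec

def has_syn_fin(rec):
    """True for a TCP packet logged with both SYN and FIN set."""
    return rec["fields"].get("PROTO") == "TCP" and {"SYN", "FIN"} <= rec["flags"]

if __name__ == "__main__":
    for rec in map(parse_netfilter_line, SAMPLE):
        print(rec["prefix"], rec["trace"], "SYN+FIN" if has_syn_fin(rec) else "")
```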