On Sun, 2010-10-31 at 18:06 +0100, KP Kirchdoerfer wrote: > Hi David; > > Am Sonntag, 31. Oktober 2010, 17:26:54 schrieb davidMbrooke: > > On Sun, 2010-10-31 at 15:11 +0100, KP Kirchdoerfer wrote: > > > Am Sonntag, 31. Oktober 2010, 13:55:46 schrieb davidMbrooke: > > > > - A minor point, but Shorewall startup logs go > > > > > > > > to /var/log/shorewall.log whereas Shorewall6 startup logs go > > > > to /var/log/shorewall6-init.log (so IPv4 Shorewall should > > > > use /var/log/shorewall-init.log ?) > > > > > > That's shurely not intended - but if it gets fixed which way round? Is > > > there a need for shorewall-init.log? I tend to have only one logfile for > > > shorewall (and one for shorewall6 of course). > > > > > > kp > > > > Hi kp, > > > > It seems that "vanilla" Shorewall uses -init.log for both files. We > > patch Shorewall's /etc/shorewall.conf using our shorewall-lrp.diff and > > change the default for Shorewall (to /var/log/shorewall.log) but not for > > Shorewall6. > > > > My general preference is to align with "vanilla" Shorewall. I can see > > the value in having separate files for Shorewall's own "init" output > > versus iptables' DROP and REJECT message. For example, I like the idea > > of generating reports (or even real-time alerts) based on firewall hits, > > and that would be easiest if those are in a separate file from the > > "init" messages. > > Ok, will change for shorewall. > > > Looking around the 'net there does not seem to be too much agreement on > > a standard name for the "other" (non-init) logfile. (The vanilla setting > > in Shorewall is /var/log/messages and I do not propose to use that.) > > Some examples are: > > /var/log/shorewall > > /var/log/shorewall/warn.log > > /var/log/shorewall.log > > /var/log/firewall > > > > If anything that last one seems the most popular - standard in SUSE > > according to Tom's docs. I'd say either use that or stick > > with /var/log/shorewall.log (and presumably /var/log/shorewall6.log) for > > consistency with BuC 3.x. Thoughts? > > I still prefer shorewall(6).log. > > kp
Fine with me. So shorewall(6)-init.log and shorewall(6).log respectively. I see you have already fixed -init.log for Shorewall. Thanks very much. dMb ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
