On Monday, 1 November 2010, 21:51:10, davidMbrooke wrote:
> On Mon, 2010-11-01 at 12:04 +0000, davidMbrooke wrote:
> > On Mon, 2010-11-01 at 12:36 +0100, KP Kirchdoerfer wrote:
> > > Hi;
> > >
> > > I looked into shorewall logging and saw that ulogd is completely
> > > broken... So for the near future we should go with syslog-ng and may
> > > decide later if ulogd is worth the effort.
> > >
> > > On Monday, 1 November 2010, 12:24:15, davidMbrooke wrote:
> > > > Hi,
> > > >
> > > > We need to make another decision about Shorewall / Shorewall6 logging
> > > > of "DROP" and "REJECT" messages:
> > > > - Should both sets of messages go to /var/log/shorewall.log ?
> > > > - Should IPv4 messages go to /var/log/shorewall.log and IPv6
> > > >   messages to /var/log/shorewall6.log ?
> > > >
> > > > I currently favour the second option, for consistency with the
> > > > -init.log files and in case we want to process the logfiles in some
> > > > way. Thoughts?
> > >
> > > of course they should be separated.
> > >
> > > > Both Shorewall and Shorewall6 specify LOGFORMAT="Shorewall:%s:%s:" in
> > > > e.g. /etc/shorewall/shorewall.conf so simply matching on "Shorewall"
> > > > is not enough to separate out the logs, and it is not possible (or at
> > > > least not easy) to change Shorewall6 to specify
> > > > LOGFORMAT="Shorewall6:%s:%s:" because that makes the log string too
> > > > long... I tried that and got an error.
> > > >
> > > > I do have a working syslog-ng configuration that checks the format of
> > > > the SRC= address and sends IPv4 logs to /var/log/shorewall.log and
> > > > IPv6 logs to /var/log/shorewall.log. I think if we do that it still
> > > > gives the option to use ulogd instead (with ULOG in the Shorewall(6)
> > > > config files). Seems like a good compromise to me.
> > >
> > > Yes;
> > >
> > > as soon as I have your syslog-ng.conf to test I will change shorewall
> > > patches to use INFO instead of "ULOG".
> > >
> > > kp
> >
> > Thanks kp. Revised syslog-ng.conf file now in CVS at
> > source/etc/syslog-ng.conf
> >
> > Right now the shorwall.lrp help text declares that ulogd.lrp is
> > "Required". Perhaps amend that too?
> >
> > dMb
>
> My final annoyance is that I am still getting iptables log messages
> on /dev/console, which is quite a problem when editing files on the
> console (rather than over an SSH connection). This can be fixed with an
> update to the "kernel.printk" setting in /etc/sysctl.conf as per
> http://www.shorewall.net/FAQ.htm#faq16

For obvious reasons, I already did on my box :)

> This setting affects all kernel messages, not just iptables, though
> higher priority messages (e.g. crit) will still get through. I propose
> to change the default setting in /etc/sysctl.conf if nobody has a
> serious objection (currently: 7 4 1 7, proposed: 4 4 1 7). Users can
> always adjust it themselves (lrcfg option 2.11).

from Bering-uClibc 3.1beta:

cat /proc/sys/kernel/printk
4 4 1 7

I have no objections

kp
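
The SRC= address-format check discussed in the thread, as an added example in POSIX shell. It is not part of the original messages and is not the syslog-ng.conf held in CVS. The function names and the sample log lines are constructed for illustration, and the IPv6 sample assumes the kernel logs the address with all eight groups written out.

```shell
#!/bin/sh
# Added example: decide whether a Shorewall log line is IPv4 or IPv6 by the
# format of its SRC= value, since both firewalls share the "Shorewall:" prefix.
# Sample lines are constructed (documentation addresses), not real logs.
SAMPLE_V4='Nov  1 12:00:01 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=60 PROTO=TCP SPT=40000 DPT=23'
SAMPLE_V6='Nov  1 12:00:02 fw kernel: Shorewall:net2fw:REJECT:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:86:dd SRC=2001:0db8:0000:0000:0000:0000:0000:0010 DST=2001:0db8:0000:0000:0000:0000:0000:0001 LEN=80 PROTO=TCP SPT=40000 DPT=23'
SAMPLE_OTHER='Nov  1 12:00:03 fw kernel: eth0: link up'

# Print "ipv4", "ipv6" or "other" for one log line.
shorewall_family() {
    case $1 in
        *Shorewall:*" SRC="*) ;;           # shared LOGFORMAT prefix and a SRC= field
        *) echo other; return 0 ;;
    esac
    src=${1#* SRC=}                         # text after the first " SRC="
    src=${src%% *}                          # cut at the next space
    # Only the SRC= value is inspected: the MAC= field of an IPv4 line also
    # contains colons, so searching the whole line for ":" would misfile it.
    case $src in
        ""|*[!0-9A-Fa-f:.]*) echo other ;;  # empty or unexpected characters
        *:*)                 echo ipv6 ;;
        *.*.*.*)             echo ipv4 ;;
        *)                   echo other ;;
    esac
}

# Split log file $1: IPv4 lines are appended to $2, IPv6 lines to $3.
split_shorewall_log() {
    while IFS= read -r line; do
        case $(shorewall_family "$line") in
            ipv4) printf '%s\n' "$line" >>"$2" ;;
            ipv6) printf '%s\n' "$line" >>"$3" ;;
        esac
    done <"$1"
}

# Classify the constructed samples when the script is run directly.
for l in "$SAMPLE_V4" "$SAMPLE_V6" "$SAMPLE_OTHER"; do
    shorewall_family "$l"
done
```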