> ... how logging on a Unix system works ...

Shorewall - like many well-integrated *nix subsystems -
uses the "syslog" capability of *nix (rather than
rolling its own logging). So you can search Shorewall
documentation high and low and not find what you're
looking for; do `man syslog` on your *nix system (or
Google "man syslog").

Syslog has scads of capabilities for large complex
multi systems, but you can simply ignore all that. For
example there's a way to combine _in_real_time_
messages from several different systems onto one
system more or less dedicated to handling messages.
But you can just treat "syslog" as single-system. 

Syslog pre-defines levels of messages. Applications
can't affect the names or the order (although they do
have quite a bit of latitude to choose for themselves
what they consider to be an "info" and what they
consider to be an "emerg" etc.). The pre-defined
levels (in decreasing order) are:

    emerg – system is or will be unusable if situation is not resolved
    alert – immediate action required
    crit – critical situations
    warning – recoverable errors
    notice – unusual situation that merits investigation; a significant event that is typically part of normal day-to-day operation
    info – informational messages
    debug – verbose data for debugging

You control this with configuration of "syslog" itself
(often via the file /etc/syslog.conf). You control
which messages go into which file(s) and/or onto which
screen(s). Often the first 2/3 of this configuration
are set "by convention"  ...but the convention is
different for different Linux distributions. You fill
in the rest of the configuration for optional
subsystems such as Shorewall. 

There are two slightly different ways for configuring
"syslog" which are not quite fully compatible with
each other, so check your own system's documentation
carefully and thoroughly. Specifying a level normally
gives you that level _and_all_levels_above_it_, so for
example if you specify level "crit" you'll also get
levels "alert" and "emerg".

What the application documentation will usually tell
you is just enough information (something called a
"facility", a brief description of how the application
uses "levels") for you to configure "syslog" for that
application. 

Good luck!


-Chuck Kollars
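
Added example, not part of the original message: a small model of how a syslog.conf selector such as "kern.crit" picks up that level and every more severe one, following the selector rules in sysklogd's syslog.conf(5) ("!" negation is not handled). The priority names are the standard syslog(3) ones; the config lines and file paths are constructed samples, and using the "kern" facility for firewall messages is an assumption of this example.

```python
# Standard syslog(3) priorities, most severe first.
PRIORITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# Constructed sample configuration (not a distribution default).
CONFIG = """
# selector            action
kern.info             /var/log/firewall.log
*.crit                /var/log/critical.log
*.info;kern.none      /var/log/messages
kern.=debug           /var/log/kern-debug.log
"""

def selected_priorities(selector, facility):
    """Return the set of priorities a selector accepts for one facility."""
    mask = set()
    for part in selector.split(";"):
        facs, _, spec = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue                      # this part is about other facilities
        if spec == "none":
            mask.clear()                  # exclude the facility entirely
        elif spec == "*":
            mask.update(PRIORITIES)       # every priority
        elif spec.startswith("="):
            mask.add(spec[1:])            # sysklogd extension: this level only
        else:
            # plain level: that level and all more severe ones
            mask.update(PRIORITIES[:PRIORITIES.index(spec) + 1])
    return mask

def destinations(config, facility, priority):
    """Return the actions (files) that would receive the message."""
    hits = []
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if priority in selected_priorities(selector, facility):
            hits.append(action.strip())
    return hits

if __name__ == "__main__":
    for fac, pri in [("kern", "info"), ("kern", "emerg"),
                     ("kern", "debug"), ("mail", "warning")]:
        print(f"{fac}.{pri:8} -> {destinations(CONFIG, fac, pri)}")
```
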


       
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
