Tom Eastep wrote: > Guy Marcenac wrote: >> My shorewall dropped packets arent logged anymore. >> When I read my log, it began after a syslog reload, so I may have >> changed syslog configuration, but dont remember nor see anything weird >> in syslog.conf. >> >> /var/log/messages >> Oct 5 19:13:03 kim kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= >> MAC=00:1c:c0:65:22:3d:00:0f:90:98:e1:02:08:00 SRC=77.75.35.146 >> DST=91.121.169.122 LEN=40 TOS=0 >> x00 PREC=0x00 TTL=244 ID=13716 PROTO=TCP SPT=3025 DPT=1039 WINDOW=4096 >> RES=0x00 SYN URGP=0 >> Oct 5 19:21:18 kim exiting on signal 15 >> Oct 5 19:21:19 kim syslogd 1.4.1#18: restart. >> Oct 5 19:41:19 kim -- MARK -- >> >> If I understand the output of shorewall show, packets dropped ARE logged >> but they dont show in /var/log/messages. I added a specific kern.info >> log file which remains desperatetly empty. >> >> I attach the related sections of conofig files and a shorewall dump output > > Is klogd running? Do 'Shorewall' messages show up if you type 'dmesg'? > > This ISN'T a Shorewall problem. Neither Shorewall nor Netfilter have any > control over where the log messages go (or if they go) when the LOG > target is used.
And if I had to guess, I would say that there is something wrong with klogd. klogd is the daemon that monitors the kernel's ring buffer and forwards the messages to syslogd. Your test with 'logger' uses the 'syslog()' API which doesn't go through the ring buffer. -Tom -- Tom Eastep \ The ultimate result of shielding men from the Shoreline, \ effects of folly is to fill the world with fools. Washington, USA \ -Herbert Spencer http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
