On 02/11/2018 03:58 PM, Thomas wrote:
> Hi,
>
> I have modified /etc/shorewall/shorewall.conf
> cat /etc/shorewall/shorewall.conf | grep log
> LOGFILE=/var/log/shorewall.log
> STARTUP_LOG=/var/log/shorewall-init.log
>
> and defined a rsyslog config file
> cat /etc/rsyslog.d/40-shorewall.conf
> $template shorewall-template,"%timegenerated% %msg%\n"
> :msg, contains, "Shorewall:" -/var/log/shorewall.log;shorewall-template
> & ~
>
> but Shorewall does not log anything in /var/log/shorewall.log after
> restarting shorewall and rsyslog.
>
> The policy file is this:
> cat /etc/shorewall/policy
> #SOURCE DEST POLICY LOG LEVEL BURST:LIMIT
> net     all  DROP   $LOG
> loc     all  REJECT $LOG
> fb      dmz  REJECT $LOG
> fb      loc  REJECT $LOG
> dmz     all  REJECT $LOG
> vpn     all  REJECT $LOG
> $FW     all  ACCEPT $LOG
> # THE FOLLOWING POLICY MUST BE LAST
> all     all  REJECT $LOG
>
> How can I correct this?
>
With your LOG_PREFIX setting, the Netfilter messages generated by your
ruleset do not contain 'Shorewall:'. So you either need to change
LOG_PREFIX to contain that string, or you need to use a regular
expression to match those messages:
'IN=.* OUT=.*SRC=.*\..*DST='
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
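
The mismatch described in the reply can be checked offline before changing rsyslog. The following is an added example, not part of the original thread: the log lines, prefixes and addresses are constructed, and Python's `re` stands in for rsyslog's regex matching.

```python
import re

# Substring filter from the rsyslog file quoted in the question.
CONTAINS = "Shorewall:"
# Regular expression from the reply. It uses only constructs that behave the
# same in Python's re as in a POSIX regex engine (assumption for this check).
NETFILTER_RE = re.compile(r"IN=.* OUT=.*SRC=.*\..*DST=")

# Constructed kernel messages: prefixes, MACs and addresses are made up.
_MAC = "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 "
_V4 = ("IN=eth0 OUT= " + _MAC + "SRC=203.0.113.5 DST=192.0.2.10 LEN=60 "
       "TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40000 DPT=22 "
       "WINDOW=29200 RES=0x00 SYN URGP=0")
_V6 = ("IN=eth0 OUT= " + _MAC +
       "SRC=2001:0db8:0000:0000:0000:0000:0000:0005 "
       "DST=2001:0db8:0000:0000:0000:0000:0000:0010 LEN=80 TC=0 "
       "HOPLIMIT=52 FLOWLBL=0 PROTO=TCP SPT=40000 DPT=22")
SAMPLES = {
    # Log prefix that contains the string the "contains" filter looks for.
    "prefix_has_string": "Shorewall:net-fw:DROP:" + _V4,
    # Log prefix without that string: the situation described in the reply.
    "prefix_lacks_string": "net-fw DROP " + _V4,
    # IPv6 packet: no dot between SRC= and DST=, so the expression misses it.
    "ipv6_packet": "net-fw DROP " + _V6,
    # Kernel message that has nothing to do with the firewall.
    "unrelated_kernel": "usb 1-1: new high-speed USB device number 2",
}


def matches(msg):
    """Return which of the two filters would select this message."""
    return {
        "contains": CONTAINS in msg,
        "regex": bool(NETFILTER_RE.search(msg)),
    }


def routed(filter_name):
    """Names of the sample messages the given filter would send to the log file."""
    return sorted(n for n, m in SAMPLES.items() if matches(m)[filter_name])


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:20} {matches(msg)}")
```
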
