Hi,

Luckily, I did it on Debian 2 days ago.
My gateway/firewall is on Debian jessie. What you did is correct; however, in your /etc/rsyslog.d/50-default.conf you should add your log filename, here /var/log/firewall:

--- content of the /etc/rsyslog.d/50-default.conf ---
*.*;auth,authpriv.none;kern.!debug /var/log/firewall
---

Quick explanation of your problem: your configuration records the iptables events, stores them in /var/log/syslog (as you wrote it in your rsyslog conf file) and vuurmuur looks for a /var/log/firewall file (which is empty as nothing is stored in it).

Please be aware of MY problem: everything (linked to iptables/conntrack events) will be stored in /var/log/firewall. HOWEVER, I do have some Android and I-devices, and I do use Chrome as web browser. These OSes and applications are often sending http/https packets WITHOUT the SYN flag, thus vuurmuur marks those connections as "fw INVALID". Your log file will still be a mess to read unless you counter-filter it "filter, "fw", unmark corresponding record".

I looked into some iptables rules and conntrack rules; it seems nothing would allow outgoing/forwarding packets without this SYN flag.
I am looking to increase the TTL of the SYN flag with conntrack, if this is possible.

----- Original Message -----
From: "Spud" <[email protected]>
To: [email protected]
Sent: Sunday, 8 November 2015 07:16:16
Subject: [Vuurmuur-users] Logging problem

Hi,

I have been trying to stop vuurmuur writing to the syslog as it's just flooding the logs, making it impossible to find anything, so I started googling and found this: https://www.vuurmuur.org/trac/wiki/Logging

First it talks about editing '/etc/syslog.conf' and adding 'kern.=debug /var/log/firewall'.

There is no '/etc/syslog.conf' but I do find 'rsyslog.conf', so I look in there; it tells me to look in '/etc/rsyslog.d/50-default.conf'.

OK, the format looks like what I'm looking for, so I make these changes: '*.*;auth,authpriv.none;kern.!debug /var/log/syslog'

I have also gone into vuurmuur's configuration and changed the system filename from '/var/log/syslog' to '/var/log/firewall' and changed the loglevel to debug.

This is where the problems then start: vuurmuur no longer displays any output to the traffic.log from within vuurmuur_conf.

So can anyone tell me where I might have to start looking to fix this problem?

Thanks in advance.

--
db
It denos't mtater waht oredr the ltteers in a wrod are, it's olny iprmoatnt taht the frist and lsat ltteer be at the rghit pclae.The rset can be a total mses and you can sitll raed it wouthit porbelm.Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.

------------------------------------------------------------------------------
_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
