Enhancement #2107

Shorewall: move Shorewall logs outside messages

Added by Giacomo Sanchietti almost 8 years ago. Updated almost 8 years ago.

Status: CLOSED
Start date: 09/03/2013
Priority: Normal
Due date: 09/24/2013
Assignee: -
% Done: 100%
Category: nethserver-shorewall
Target version: v6.4-beta2
Resolution:
NEEDINFO: No

Description

Shorewall log is very verbose.

Example of log lines on messages:

Aug  4 12:10:51 nsrv kernel: Shorewall:loc2fw:REJECT:IN=br0 OUT= MAC=00:1c:25:27:d7:03:00:16:3e:70:2e:c7:08:00 SRC=192.168.5.202 DST=192.168.5.254 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=61557 PROTO=TCP SPT=49751 DPT=629 WINDOW=3072 RES=0x00 SYN URGP=0 
Aug  4 12:10:51 nsrv kernel: Shorewall:loc2fw:REJECT:IN=br0 OUT= MAC=00:1c:25:27:d7:03:00:16:3e:70:2e:c7:08:00 SRC=192.168.5.202 DST=192.168.5.254 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=2508 PROTO=TCP SPT=49751 DPT=13701 WINDOW=1024 RES=0x00 SYN URGP=0 

We should move all logs into a separate file like /var/log/shorewall.log. Below is a working configuration for rsyslog:

/etc/rsyslog.d/shorewall.conf:

:msg, startswith, "Shorewall:" -/var/log/shorewall.log
& ~

Associated revisions

Revision 078e3075
Added by Giacomo Sanchietti almost 8 years ago

rsyslog config, createlinks: move Shorewall log to /var/log/shorewall.log. Refs #2107

History

#2 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#3 Updated by Filippo Carletti almost 8 years ago

We should move all logs into a separate file like /var/log/shorewall.log. Below is a working configuration for rsyslog:

Maybe /var/log/firewall.log could be easier to understand?

#4 Updated by Giacomo Sanchietti almost 8 years ago

Maybe /var/log/firewall.log could be easier to understand?

I agree.

#5 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from TRIAGED to MODIFIED
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 60

#6 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70

New package in nethserver-testing:
nethserver-shorewall-1.0.1-1.0git078e3075.ns6.noarch.rpm

Test case
  • Update installed package and verify that rsyslog has been restarted and Shorewall packet logging is now in /var/log/firewall.log
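One way to script the test case above, as an added example that is not part of the ticket or the nethserver-shorewall package: it counts kernel "Shorewall:" lines that still reach the general syslog file after the rsyslog restart and confirms they arrive in the firewall log. The function names are hypothetical, the sample logs are constructed, and the restart marker is assumed to be the "service rsyslog restart" event line that appears in the ticket's /var/log/messages excerpt.

```sh
#!/bin/sh
# Added example: verify the log split after the package update.
# Assumption: the restart marker is the "service rsyslog restart" event line
# shown in the ticket's /var/log/messages excerpt.

# Count kernel "Shorewall:" lines in $1 written after the last restart marker
# (older lines from before the update are expected and ignored).
leaked_after_restart() {
    awk '/service rsyslog restart/ { n = 0; next }
         / kernel: Shorewall:/     { n++ }
         END { print n + 0 }' "$1"
}

# Count kernel "Shorewall:" lines in the dedicated firewall log $1.
routed_count() {
    awk '/ kernel: Shorewall:/ { n++ } END { print n + 0 }' "$1"
}

# Succeed only if nothing leaked into $1 and $2 received packet logs.
check_split() {
    leaked=$(leaked_after_restart "$1")
    routed=$(routed_count "$2")
    echo "leaked=$leaked routed=$routed"
    [ "$leaked" -eq 0 ] && [ "$routed" -gt 0 ]
}

# Constructed sample logs, modelled on the lines quoted in the ticket.
d=$(mktemp -d)
cat > "$d/messages" <<'EOF'
Oct 10 14:30:02 host kernel: Shorewall:loc2fw:REJECT:IN=br0 OUT= SRC=192.168.5.202 DST=192.168.5.254 PROTO=TCP SPT=49751 DPT=629
Oct 10 14:31:18 host esmith::event[17612]: [INFO] service rsyslog restart
Oct 10 14:31:40 host sshd[2001]: Accepted publickey for root from 192.168.5.10 port 50022 ssh2
EOF
cat > "$d/firewall.log" <<'EOF'
Oct 10 14:31:21 host kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth1 SRC=10.0.3.15 DST=2.228.72.62 PROTO=UDP SPT=123 DPT=123
EOF
check_split "$d/messages" "$d/firewall.log" && echo "split OK"
rm -rf "$d"
```

On a live system the same check would be run as check_split /var/log/messages /var/log/firewall.log once some traffic has been logged after the update.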

#7 Updated by Davide Principi almost 8 years ago

  • Due date set to 09/24/2013
  • Assignee set to Davide Principi
  • Start date set to 09/03/2013

#8 Updated by Davide Principi almost 8 years ago

By the way, VERIFIED in a fresh installation: messages are sent to firewall.log

#9 Updated by Davide Principi almost 8 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

Initial system:

  # rpm -qa | grep ^neth
nethserver-php-1.1.0-1.ns6.noarch
nethserver-smartd-1.0.0-1.ns6.noarch
nethserver-yum-1.1.1-1.ns6.noarch
nethserver-lib-1.3.1-1.0git2f4e0795.ns6.noarch
nethserver-nethgui-1.2.3-12.0git5b9e9170.ns6.noarch
nethserver-openssh-1.0.2-3.0git38f86fc0.ns6.noarch
nethserver-firewall-base-1.0.5-7.0git9a08773c.ns6.noarch
nethserver-grub-1.0.1-1.ns6.noarch
nethserver-release-6.4-beta1.noarch
nethserver-ntp-1.0.4-1.ns6.noarch
nethserver-base-1.4.1-10.0git148d5133.ns6.noarch
nethserver-httpd-admin-1.0.5-2.0git1ca852bd.ns6.noarch
nethserver-shorewall-1.0.0-1.ns6.noarch

Updated:
  nethserver-shorewall.noarch 0:1.0.1-1.0git078e3075.ns6

In /var/log/messages:

Oct 10 14:31:18 davidep2 esmith::event[17612]: [INFO] service rsyslog restart

In /var/log/firewall.log:

Oct 10 14:31:21 davidep2 kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth1 SRC=10.0.3.15 DST=2.228.72.62 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56 
[...]

#10 Updated by Davide Principi almost 8 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-shorewall-1.0.2-1.ns6.noarch.rpm
