Enhancement #2107
Shorewall: move Shorewall logs outside messages
Status: | CLOSED | Start date: | 09/03/2013 | |
---|---|---|---|---|
Priority: | Normal | Due date: | 09/24/2013 | |
Assignee: | - | % Done: | 100% | |
Category: | nethserver-shorewall | |||
Target version: | v6.4-beta2 | |||
Resolution: | NEEDINFO: | No |
Description
Shorewall log is very verbose.
Example of log lines on messages:
Aug 4 12:10:51 nsrv kernel: Shorewall:loc2fw:REJECT:IN=br0 OUT= MAC=00:1c:25:27:d7:03:00:16:3e:70:2e:c7:08:00 SRC=192.168.5.202 DST=192.168.5.254 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=61557 PROTO=TCP SPT=49751 DPT=629 WINDOW=3072 RES=0x00 SYN URGP=0 Aug 4 12:10:51 nsrv kernel: Shorewall:loc2fw:REJECT:IN=br0 OUT= MAC=00:1c:25:27:d7:03:00:16:3e:70:2e:c7:08:00 SRC=192.168.5.202 DST=192.168.5.254 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=2508 PROTO=TCP SPT=49751 DPT=13701 WINDOW=1024 RES=0x00 SYN URGP=0
We should move all log into a separate files like /var/log/shorewall.log. Below there is a working configuration for rsyslog:
/etc/rsyslog.d/shorewall.conf:
:msg, startswith, "Shorewall:" -/var/log/shorewall.log & ~
Associated revisions
rsyslog config, createlinks: move Shorewall log to /var/log/shorewall.log. Refs #2107
History
#2 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#3 Updated by Filippo Carletti almost 8 years ago
We should move all log into a separate files like /var/log/shorewall.log. Below there is a working configuration for rsyslog:
Maybe /var/log/firewall.log could be easier to understand?
#4 Updated by Giacomo Sanchietti almost 8 years ago
Maybe /var/log/firewall.log could be easier to understand?
I agree.
#5 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from TRIAGED to MODIFIED
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 60
#6 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
New package in nethserver-testing:
nethserver-shorewall-1.0.1-1.0git078e3075.ns6.noarch.rpm
- Update installed package and verify that rsyslog has been restarted and Shorewall packet logging is now in /var/log/firewall.log
#7 Updated by Davide Principi almost 8 years ago
- Due date set to 09/24/2013
- Assignee set to Davide Principi
- Start date set to 09/03/2013
#8 Updated by Davide Principi almost 8 years ago
By the way, VERIFIED in a fresh installation: messages are sent to firewall.log
#9 Updated by Davide Principi almost 8 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 90
VERIFIED
Initial system:
# rpm -qa | grep ^neth nethserver-php-1.1.0-1.ns6.noarch nethserver-smartd-1.0.0-1.ns6.noarch nethserver-yum-1.1.1-1.ns6.noarch nethserver-lib-1.3.1-1.0git2f4e0795.ns6.noarch nethserver-nethgui-1.2.3-12.0git5b9e9170.ns6.noarch nethserver-openssh-1.0.2-3.0git38f86fc0.ns6.noarch nethserver-firewall-base-1.0.5-7.0git9a08773c.ns6.noarch nethserver-grub-1.0.1-1.ns6.noarch nethserver-release-6.4-beta1.noarch nethserver-ntp-1.0.4-1.ns6.noarch nethserver-base-1.4.1-10.0git148d5133.ns6.noarch nethserver-httpd-admin-1.0.5-2.0git1ca852bd.ns6.noarch nethserver-shorewall-1.0.0-1.ns6.noarch
Updated: nethserver-shorewall.noarch 0:1.0.1-1.0git078e3075.ns6
In /var/log/messages:
Oct 10 14:31:18 davidep2 esmith::event[17612]: [INFO] service rsyslog restart
In /var/log/firewall.log:
Oct 10 14:31:21 davidep2 kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth1 SRC=10.0.3.15 DST=2.228.72.62 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56 [...]
#10 Updated by Davide Principi almost 8 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-shorewall-1.0.2-1.ns6.noarch.rpm