log tweak

Cyber Source peter at thecybersource.com
Mon Aug 1 09:05:04 EDT 2005


With that being said, then the default configuration for shorewall, 
firegate and firestarter or iptables themselves all write to 
/var/log/messages and completely clog the log, I can't see why this 
would ever be desirable. In looking for a solution that did not do this 
by default, I tried firestarter as this was mentioned on the list a 
while back by someone. I really like the app, simple, straightforward, 
easy and it can be configured with dhcp. Nice little app and I got tired 
of editing 20 different files to configure shorewall not knowing if I 
missed something, etc. One config file would be nice. I'm starting to 
think this might be iptables writing to the log. I will have to do more 
poking. Thanks.

Richard Hubbard wrote:

> The very general rule is that syslog only logs what it is told to. 
> So, depending on what you are using for your firewall, that is the 
> program configuration to change.
>
> for example if you are using shorewall (highly recommended, basically 
> a fairly complete front end for iptables, only understandable by 
> humans) there is a file 'shorewall.conf' which primarily configures 
> logging:
> http://shorewall.sourceforge.net/
> (click on documentation, then on Configuration File Reference Manual, 
> then on shorewall.conf)
> this has several configuration lines which allow you to set the log 
> level for lots of different events. Other firewalls should be similar. 
> Cyber Source wrote:
>
>> Ok, I know I posted about this a long time ago but it never got off 
>> the ground, at least on my end. Here is what I want to accomplish and 
>> the most helpful reply would be an example, I can figure out the 
>> options from there;
>>
>> I want to get more control of my syslog. I read the man pages on it 
>> and see that it uses "facilities" of which are the results of 
>> different functions, processes, whatever. Here is my problem, 
>> whenever I set up a system with a firewall, ALL the results of EVERY 
>> packet are sent to /var/log/messages. This totally clogs up and ruins 
>> the purpose of this general log file. So,
>>
>> 1. How can I filter a firewall's log post to go to another file?
>> 2. What facility would the firewall be using to post to the file, 
>> kernel?, and how do you know which facility it's using?
>> 3. Once you find what file determines what facility, can it be changed?
>> 4. Can you add a facility to be used for a custom setting you might 
>> want?
>>
>> TIA!
>>
>>
>
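
The facility and filtering questions in the thread above, worked through as an added example (not code from either poster or from any of the firewall projects named). It assumes sysklogd-style `syslog.conf` selectors, that the iptables LOG target emits kernel-facility messages at its default `warning` level unless a rule sets `--log-level`, and a hypothetical destination `/var/log/firewall`; the rule sets and log records are constructed.

```python
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(record):
    """Split '<PRI>text' into (facility, severity, text); PRI = facility*8 + severity."""
    m = re.match(r"<(\d{1,3})>(.*)", record)
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m.group(2)

def selector_matches(selector, facility, severity):
    """Evaluate a sysklogd-style selector; later ';' clauses override earlier ones."""
    matched = False
    for clause in selector.split(";"):
        facs, prio = clause.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":
            matched = False
            continue
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        rank = SEVERITIES.index(severity)          # lower index = more severe
        want = 7 if prio == "*" else SEVERITIES.index(prio)
        if (rank == want) if exact else (rank <= want):
            matched = not negate
    return matched

def route(rules, record):
    """Return every destination whose selector accepts the record."""
    facility, severity, _ = decode_pri(record)
    return [dest for sel, dest in rules if selector_matches(sel, facility, severity)]

# Constructed rule sets in syslog.conf order (selector, destination).
DEFAULT_RULES = [("*.info;mail.none;authpriv.none", "/var/log/messages")]
SPLIT_RULES = [("kern.=debug", "/var/log/firewall"),   # hypothetical file name
               ("*.info;mail.none;authpriv.none", "/var/log/messages")]

# Constructed records: kern.warning (LOG default), kern.debug, daemon.info.
FW_DEFAULT = "<4>IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22"
FW_DEBUG = "<7>FW-DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=23"
DAEMON = "<30>dhcpd: DHCPACK on 10.0.0.5 to 00:00:5e:00:53:01"

if __name__ == "__main__":
    for rec in (FW_DEFAULT, FW_DEBUG, DAEMON):
        print(decode_pri(rec)[:2], "->", route(SPLIT_RULES, rec))
```

The split only takes effect when the firewall rules themselves log at `debug`; a record left at the default level still matches `*.info` and lands in `/var/log/messages`, and any other kernel message at `debug` shares the firewall file.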


