From: Heiko Z. <hz...@pr...> - 2003-01-17 21:27:39

On 01/17/2003 03:50:37 PM mail wrote:

>when i send packets that are blocked by the firewall i can not see them
>in syslog-ng.
>any ideas ?

Try to specify the loglevel:
e.g.: iptables -A my_drop -p TCP -j LOG --log-level debug --log-prefix " **DROP-TCP*** "

Regards
Heiko

From: Heiko Z. <hz...@pr...> - 2003-01-20 14:26:00

On 01/20/2003 05:39:42 AM mail wrote:

>thank you very much.
>the problem is i need to do it on the devel stuff because i have some
>changed scripts for compact flash.
>i re install the new devel sources and try it with this.

Ok, I uploaded everything yesterday, so you can create a bleeding-edge version.

>(the compact flash changes are not ready for distribution because at the
>moment i am not a good bash programmer (but i work on it!))

Guess when I learned to program bash? Yes, correct, when I started creating DL! ;-)

Regards
Heiko

From: Heiko Z. <hz...@pr...> - 2003-01-20 14:37:34

On 01/19/2003 10:15:12 PM "Jet \(jc...@tr...\)" wrote:

>So far, I've no problem with 0.6b1 syslog-ng (other than the OOM kernel
>bug??).

You have to be careful, there is no official 0.6b1 yet, the ones you're
using are only "testing" releases.
However I also use them in production environments and they "should" be stable.

Regards
Heiko

From: <ma...@si...> - 2003-01-18 15:47:51

>>when i send packets that are blocked by the firewall i can not see them
>>in syslog-ng.
>>any ideas ?
>
>Try to specify the loglevel:
>e.g.: iptables -A my_drop -p TCP -j LOG --log-level debug --log-prefix " **DROP-TCP*** "

i did this and i still have no log.
i searched for a syslog-ng doc that gives me a hint but i can't find
something until now.

there is only the syslog-ng start message and every 10 min a STATS:
message still no iptables log.

please help
roland

From: Todd R. <mtr...@pe...> - 2003-01-18 17:00:18

Try upping the log-level, I forget the name, but use 6 (or 5) instead of
'debug'. [to everyone ? debug=7 right?] I don't think you want to go
beyond 3 or it will start showing up on the console.

Todd

On Sat, 2003-01-18 at 10:46, ma...@si... wrote:
> >>when i send packets that are blocked by the firewall i can not see them
> >>in syslog-ng.
> >>any ideas ?
> >
> >Try to specify the loglevel:
> >e.g.: iptables -A my_drop -p TCP -j LOG --log-level debug --log-prefix " **DROP-TCP*** "
>
> i did this and i still have no log.
> i searched for a syslog-ng doc that gives me a hint but i can't find
> something until now.
>
> there is only the syslog-ng start message and every 10 min a STATS:
> message still no iptables log.
>
> please help
> roland
>
> _______________________________________________
> Devil-linux-discuss mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss

--
Todd Robinson <mtr...@pe...>

From: Heiko Z. <he...@zu...> - 2003-01-18 17:26:57

ma...@si... wrote:

> i did this and i still have no log.
> i searched for a syslog-ng doc that gives me a hint but i can't find
> something until now.
>
> there is only the syslog-ng start message and every 10 min a STATS:
> message still no iptables log.

Do you use the 0.5 or a testing release?

Can you post your syslog-ng.conf? (change any IP addresses !!!)

Does a "ps ax" show klogd and syslog-ng ?

When you execute "logger test" do you see the message showing up?

--
Regards
Heiko

We are Penguin, resistance is futile!
http://www.devil-linux.org

From: <ma...@si...> - 2003-01-19 12:59:32

> Do you use the 0.5 or a testing release?

i use the 0.6beta1 release

> When you execute "logger test" do you see the message showing up?

NO ???!!!

> Can you post your syslog-ng.conf? (change any IP addresses !!!)

#####################################################################
# define options for syslog
#####################################################################
options { long_hostnames(on); sync(0); time_reopen(60); use_dns (no);
use_time_recvd (yes); };

#####################################################################
# define the source pipe for all local messages
#####################################################################
source src { unix-dgram("/dev/log"); internal(); };

#####################################################################
# print all messages on tty10
#####################################################################
destination console { file("/dev/tty10"); };
log { source(src); destination(console); };

#####################################################################
# send all messages to the loghost
#####################################################################
#destination loghost { udp("172.22.22.50" port(514)); };
#log { source(src); destination(loghost); };

#####################################################################
# END
#####################################################################

> Does a "ps ax" show klogd and syslog-ng ?

  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:04 init [3]
    2 ?        SW     0:00 [keventd]
    3 ?        SWN    0:00 [ksoftirqd_CPU0]
    4 ?        SW     0:00 [kswapd]
    5 ?        SW     0:00 [bdflush]
    6 ?        SW     0:00 [kupdated]
  576 ?        S      0:00 klogd -c 2    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  582 ?        S      0:00 /usr/sbin/jftpgw -f /etc/jftpgw.conf
  591 ?        S      0:01 /usr/sbin/sshd
  716 ?        S      0:00 syslog-ng restart    <<<<<<<<<<<<<<<<<<<<<<<<<<<<
  753 ?        S      0:00 /usr/sbin/sshd
  754 pts/1    S      0:00 -bash

i also try 5 or 6 instead of debug (in iptables log chain) ... does also
not work.

thx for help
roland

From: Heiko Z. <he...@zu...> - 2003-01-19 14:47:08

ma...@si... wrote:

>> Do you use the 0.5 or a testing release?
> i use the 0.6beta1 release

I get the feeling it's one of those releases, where syslog-ng has
problems due to a bug in the Kernel.
I already have a new DL test version available, but I currently can't
upload it to our FTP server (login probs).

--
Regards
Heiko

We are Penguin, resistance is futile!
http://www.devil-linux.org

From: Heiko Z. <he...@zu...> - 2003-01-19 17:17:09

Heiko Zuerker wrote:

> ma...@si... wrote:
>
>>> Do you use the 0.5 or a testing release?
>>
>> i use the 0.6beta1 release
>
> I get the feeling it's one of those releases, where syslog-ng has
> problems due to a bug in the Kernel.
> I already have a new DL test version available, but I currently can't
> upload it to our FTP server (login probs).

Upload is running!
You find a new testing release in about an hour (now = 12:13 GMT-5) here:
ftp://ftp.devil-linux.org/pub/devel/testing
It's a full build, so nothing should be missing.

--
Regards
Heiko

We are Penguin, resistance is futile!
http://www.devil-linux.org

From: <ma...@si...> - 2003-01-20 10:40:37

> Upload is running!
> You find a new testing release in about an hour (now = 12:13 GMT-5) here:
> ftp://ftp.devil-linux.org/pub/devel/testing

thank you very much.
the problem is i need to do it on the devel stuff because i have some
changed scripts for compact flash.
i re install the new devel sources and try it with this.

(the compact flash changes are not ready for distribution because at the
moment i am not a good bash programmer (but i work on it!))

regards
roland

From: Jet \(<jc...@tr...> - 2003-01-20 03:16:49

Hi, just pop in and see if this will help.

From your syslog config, we assume the log is logged locally (not forwarding
to anywhere).
From the "ps ax" output, seems like syslog-ng is not running. Probably, this
is why you don't get anything using "logger test". It is merely starting
(restarting). Do you have something like these?

  633 ?        S      0:00 syslog-ng
  636 ?        S      0:00 klogd -c 2

So far, I've no problem with 0.6b1 syslog-ng (other than the OOM kernel
bug??).

I think you better solve the syslog problem first. Make sure similar two
lines are shown using "ps ax"

Next check your iptables configuration. I know you have a new chain called
"my_drop". But do you actually point to my_drop, for example.

iptables -P -j my_drop (Set the default policy jump to my_drop if nothing match)

Hope this will help.

- Jet
Security Analyst
email: jc...@tr...

----- Original Message -----
From: <ma...@si...>
To: <dev...@li...>
Sent: Sunday, January 19, 2003 8:58 PM
Subject: Re: [Devil-Linux-discuss] probelm with iptables log target

> > Do you use the 0.5 or a testing release?
>
> i use the 0.6beta1 release
>
> > When you execute "logger test" do you see the message showing up?
>
> NO ???!!!
>
> > Can you post your syslog-ng.conf? (change any IP addresses !!!)
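
The reply above asks whether any rule actually points to my_drop. The following is an added example, not part of the original thread: it reads `iptables-save` text and lists user-defined chains that hold a LOG rule but cannot be reached from a built-in chain. The function names and the sample ruleset are constructed for illustration, and a single table is assumed.

```shell
#!/bin/sh
# Added example: find LOG rules that can never fire because nothing jumps
# to the chain that holds them. Input is `iptables-save` text on stdin.
unreachable_log_chains() {
    awk '
        /^:/ {                               # ":NAME POLICY [pkts:bytes]"
            name = substr($1, 2)
            if ($2 == "-") user[name] = 1    # user-defined chains have policy "-"
            else reach[name] = 1             # built-in chains are entry points
        }
        $1 == "-A" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" || $i == "-g") {
                    if ($(i+1) == "LOG") logs[$2] = 1      # chain holds a LOG rule
                    else edge[$2, $(i+1)] = 1              # jump from chain to target
                }
        }
        END {
            do {                             # propagate reachability to a fixed point
                changed = 0
                for (e in edge) {
                    split(e, p, SUBSEP)
                    if (reach[p[1]] && user[p[2]] && !reach[p[2]]) {
                        reach[p[2]] = 1; changed = 1
                    }
                }
            } while (changed)
            for (c in logs) if (!reach[c]) print c
        }' | sort
}

# Constructed sample ruleset using the chain name and LOG prefix from the
# thread. $1 is an optional extra rule for the INPUT chain.
sample_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:my_drop - [0:0]
-A INPUT -i lo -j ACCEPT
$1
-A my_drop -p tcp -j LOG --log-level 7 --log-prefix " **DROP-TCP*** "
-A my_drop -j DROP
COMMIT
EOF
}

echo "no jump:   $(sample_rules | unreachable_log_chains)"
echo "with jump: $(sample_rules '-A INPUT -j my_drop' | unreachable_log_chains)"
```

On a live system the same function can be fed with `iptables-save | unreachable_log_chains`; empty output means every chain with a LOG rule is reachable.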
From: <ma...@si...> - 2003-01-19 13:36:24

i surf a little in the file system and i found in system/config

KERNEL_LOGLEVEL=2

i don't know what this means ... is it possible that i need to change this
setting too ? ( i try 6 .. but it does not help)

regards
roland