Re: [Fwbuilder-discussion] Problems with Logging
From: Vadim K. <va...@vk...> - 2004-08-30 00:44:36
On Aug 29, 2004, at 2:13 PM, Doug Lytle wrote:

> >> 6. Logging
> >>
> >> 6.1. I do not see log records in /var/log/messages, what's wrong?
> >>
> >> RedHat Linux comes with syslog preconfigured to write all log
> >> messages with level "info" and higher to /var/log/messages, while
> >> iptables script generated by Firewall Builder by default logs
> >> everything as "debug". You need either to edit /etc/syslog.conf to
> >> make all "debug" messages to be logged, or change log level to
> >> "info" in iptables tab in firewall dialog
>
> According to the syslog.conf for Mandrake 9.2, debug for Kernel
> logging goes to /var/log/kernel/info.

By the way, I assumed that you are looking in the log files on the
firewall, i.e. on the machine where you run iptables. Is this correct?

Just to make sure iptables indeed logs packets, you can run the "dmesg"
command on the firewall. Dmesg prints the kernel's logging buffer. If
dmesg shows iptables log but you do not see it in any log file, then the
problem is somewhere in syslog configuration. You may use a log level
that your syslog configuration does not write to files.

If dmesg does not show any iptables log, then the problem is not with
syslog. Check if you by any chance turned on ULOG logging. ULOG requires
a special daemon to collect log information.

Depending on your policy, it may happen that there were no packets
matching any rule with logging. Try to turn logging on on some rule for
which you can generate packets at will and see if you can get log
entries.

> >> 6.4. How can I make particular rule send special text to the log
> >> when packet hits it?
> >>
> >> You can use rule options dialog and add unique log prefix for this
> >> rule. Open rule options dialog by right mouse clicking on rule element
> >> in the "Options" column. This way you can make rules generate special
> >> lines in the log, which you can later process with automated script,
> >> ot simply use while troubleshooting your policy.
>
> This I've done with no positive results.

Custom log prefixes are useful when you can get log at all.

> Also noted in the syslog.conf is:
>
> "Don't log private authentication messages!"
>
> A TCP/IP initiated connection wouldn't be considered this, would it?

no

> NOTE:
>
> >> 6.4. How can I make particular rule send special text to the log
> >> when packet hits it?
> >>
> >> You can use rule options dialog and add unique log prefix for this
> >> rule. Open rule options dialog by right mouse clicking on rule element
> >> in the "Options" column. This way you can make rules generate special
> >> lines in the log, which you can later process with automated script,
> >> ot simply use while troubleshooting your policy.
>
> ---------------------^ Should probably read, "to simply use while,
> instead of ot simply use while" :-)

Yeah, thanks. That's a typo ...

--vk

> Doug
>
> Vadim Kurland wrote:
>
>> this is strange. Policy compiler hasn't changed between fwbuilder 1.1
>> and 2.0 and it should generate the same logging commands. Maybe log
>> level and facility do not match configuration in syslog.conf. There
>> are some recommendations wrt logging in the FAQ, have you tried that?
>>
>> Logging of all dropped packets requires special iptables patch that
>> used to be available in patch-o-matic. I believe this patch is
>> deprecated so I removed this checkbox from firewall settings dialog
>> in v2.0.
>>
>> --vk
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by BEA Weblogic Workshop
>> FREE Java Enterprise J2EE developer tools!
>> Get your free copy of BEA WebLogic Workshop 8.1 today.
>> http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
>> _______________________________________________
>> Fwbuilder-discussion mailing list
>> Fwb...@li...
>> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
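
The level mismatch discussed in this thread, as an added example that is not part of the original message or of Firewall Builder: a simplified model of classic syslog.conf selector matching that reports which files would receive a kernel message logged at "debug" versus "info". The sample configuration is constructed, and the function names are hypothetical.

```python
# Levels from least to most severe; a plain "facility.level" selector
# matches that level and everything more severe.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample configuration (not copied from any distribution).
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none    /var/log/messages
kern.=debug                       -/var/log/kernel/debug
authpriv.*                        /var/log/secure
"""

def rule_matches(selectors, facility, level):
    """Apply ';'-separated selectors left to right; later ones override."""
    included = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        if not {facility, "*"} & set(facs.split(",")):
            continue
        if prio == "none":
            included = False
            continue
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        if prio == "*":
            hit = True
        elif prio in LEVELS:
            diff = LEVELS.index(level) - LEVELS.index(prio)
            hit = diff == 0 if exact else diff >= 0
        else:
            continue  # aliases such as "warn" are not modelled here
        if hit:
            included = not negate
    return included

def destinations(conf_text, facility, level):
    """Return the log files that would receive a facility.level message."""
    out = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and rule_matches(parts[0], facility, level):
            out.append(parts[1].strip().lstrip("-"))  # '-' = no sync
    return out

if __name__ == "__main__":
    for lvl in ("debug", "info"):
        print(f"kern.{lvl} ->", destinations(SAMPLE_CONF, "kern", lvl))
```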