No log of iptables

Help
2023-12-15
2023-12-17
  • Andrew Myers

    Andrew Myers - 2023-12-15

    I am running logwatch 7.9 on Artix Linux 6.6.4 with ufw 0.36.2
    Ufw is logging to /var/log/iptables.log

    $ sudo tail  /var/log/iptables.log
    Dec 15 16:39:52 acer kernel: [UFW BLOCK] - etc...
    

    /usr/share/logwatch/default.conf/services/iptables.conf includes:

    LogFile = messages
    LogFile = iptables
    

    logwatch.conf includes:
    Service = All

    So why do I not see any iptables section in the logwatch report?

     

    Last edit: Andrew Myers 2023-12-15
  • Bjorn

    Bjorn - 2023-12-16

    I am not familiar with Ufw, but it looks like a front-end to iptables. From what I gather, it includes the string [UFW BLOCK] in the log statements, but otherwise appears to be similar to the native iptables log statements.

    So try adding the attached patch to the iptables script to account for the [UFW BLOCK] string in the log statements.

    Also, by default iptables uses the ulogd daemon to log statements, and the default location is /var/log/ulogd. You can add your filename, as an entry of LogFile = /var/log/iptables.log in the conf/logfiles/iptables.conf file. If that works, you can also specify the Archive filenames for older log files.

     
  • Andrew Myers

    Andrew Myers - 2023-12-16

    Things are not working out well for me I'm afraid.
    The patch made no difference so I completely reinstalled logwatch.
    Then I changed Service = All to Service = iptables and received the error:
    Wrong configuration entry for "Service", if "All" selected, only "-" items are allowed
    Same for sudo
    I don't understand why?

    Edit: There is no /var/log/ulogd

     

    Last edit: Andrew Myers 2023-12-16
  • Andrew Myers

    Andrew Myers - 2023-12-16

    I am getting somewhere now.
    Added LogFile = /var/log/iptables.log to the iptables default conf file and I am getting some results.
    Ulogd is not installed by default in Arch and is not even included in the Artix repos. Do you think that the iptables.log entry should be included in the default iptables configuration?

     
  • Bjorn

    Bjorn - 2023-12-16

    The issue with custom settings for specific distributions is that it becomes difficult to maintain, and in some cases they are incompatible with the existing or default configurations. If the /var/log/iptables.log file is the default, and the patch to the script works, then it sounds fairly simple. So let us know if those two changes made it work.

    If further configuration customization for Artix is required, it may be necessary to use the dist.conf feature: when installed, Logwatch creates the directories dist.conf/logfiles and dist.conf/services (under the default /usr/share/logwatch, if not specified). Custom configurations can be specified for distributions. For example, there could be an Artix-specific package that installs the necessary configuration files so that Artix users don't have to modify their individual installations.

    More details are explained in the HOWTO-Customize-LogWatch file, specifically sections 3. and 3.A.

     
  • Andrew Myers

    Andrew Myers - 2023-12-17

    > If the /var/log/iptables.log file is the default, and the patch to the script works, then it sounds fairly simple. So let us know if those two changes made it work.

    The patch was not needed in the end.
    I am slightly surprised that the iptables.log is not in the iptables configuration file as a default, that is all.

    Thanks for all your help. Great to have logwatch back again. :)
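
Added example, not part of the thread and not Logwatch's own code: a simplified model of the two-step lookup behind this problem, where a service's `LogFile = <group>` entry names a logfile group and that group's own `LogFile` entries name the files actually read. It assumes relative entries resolve under /var/log and are shell-style patterns; the group file contents and all function names are constructed for illustration.

```python
import fnmatch
import posixpath

LOG_DIR = "/var/log"  # assumed base directory for relative LogFile entries


def logfile_values(conf_text):
    """Collect the LogFile values from the text of one .conf file."""
    values = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "logfile" and value.strip():
            values.append(value.strip())
    return values


def groups_covering(path, service_conf, group_confs):
    """Return the service's logfile groups whose file list matches path.

    service_conf: text of services/<name>.conf   (LogFile = <group>)
    group_confs:  {group: text of logfiles/<group>.conf} (LogFile = <file>)
    """
    hits = []
    for group in logfile_values(service_conf):
        for pattern in logfile_values(group_confs.get(group, "")):
            if not posixpath.isabs(pattern):
                pattern = posixpath.join(LOG_DIR, pattern)
            if fnmatch.fnmatch(path, pattern):
                hits.append(group)
                break
    return hits


# The two service-file lines quoted in the first post.
SERVICE_CONF = "LogFile = messages\nLogFile = iptables\n"
# Constructed group files: the thread does not show their real contents.
GROUPS_BEFORE = {
    "messages": "LogFile = messages\n",
    "iptables": "# constructed sample\nLogFile = ulogd/*.log\n",
}
# Same groups after adding the entry suggested in the thread.
GROUPS_AFTER = dict(GROUPS_BEFORE)
GROUPS_AFTER["iptables"] += "LogFile = /var/log/iptables.log\n"

if __name__ == "__main__":
    target = "/var/log/iptables.log"
    print("before:", groups_covering(target, SERVICE_CONF, GROUPS_BEFORE))
    print("after: ", groups_covering(target, SERVICE_CONF, GROUPS_AFTER))
```

An empty result for the path where the firewall actually logs means the service never sees those lines, even with `Service = All`.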

     
