On 02/11/2018 03:58 PM, Thomas wrote:
> Hi,
>
> I have modified /etc/shorewall/shorewall.conf
> cat /etc/shorewall/shorewall.conf | grep log
> LOGFILE=/var/log/shorewall.log
> STARTUP_LOG=/var/log/shorewall-init.log
>
> and defined a rsyslog config file
> cat /etc/rsyslog.d/40-shorewall.conf
> $template shorewall-template,"%timegenerated% %msg%\n"
> :msg, contains, "Shorewall:" -/var/log/shorewall.log;shorewall-template
> & ~
>
> but Shorewall does not log anything in /var/log/shorewall.log after
> restarting shorewall and rsyslog.
>
> The policy file is this:
> cat /etc/shorewall/policy
> #SOURCE DEST POLICY LOG LEVEL BURST:LIMIT
> net     all  DROP   $LOG
> loc     all  REJECT $LOG
> fb      dmz  REJECT $LOG
> fb      loc  REJECT $LOG
> dmz     all  REJECT $LOG
> vpn     all  REJECT $LOG
> $FW     all  ACCEPT $LOG
> # THE FOLLOWING POLICY MUST BE LAST
> all     all  REJECT $LOG
>
> How can I correct this?
>

With your LOG_PREFIX setting, the Netfilter messages generated by your
ruleset do not contain 'Shorewall:'. So you either need to change
LOG_PREFIX to contain that string, or you need to use a regular
expression to match those messages:

    'IN=.* OUT=.*SRC=.*\..*DST='

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \    an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
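
Added example (not part of the original thread and not Shorewall or rsyslog code): a Python check that runs the `contains "Shorewall:"` test from the rsyslog rule and the regular expression from the reply over constructed kernel messages, showing which lines each filter would catch. The sample log prefixes and addresses are assumptions made for illustration, and Python's `re` stands in for rsyslog's matcher.

```python
import re

# Substring tested by the original rule: :msg, contains, "Shorewall:"
CONTAINS = "Shorewall:"
# Regular expression suggested in the reply, copied unchanged.
NETFILTER_RE = re.compile(r"IN=.* OUT=.*SRC=.*\..*DST=")

# Constructed sample messages; addresses come from documentation ranges.
_TAIL = " LEN=60 PROTO=TCP SPT=40000 DPT=22"
_MAC = "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 "
SAMPLES = {
    # Log prefix that includes the literal string "Shorewall:" (assumed format).
    "prefix_with_tag": "Shorewall:net-fw:DROP:IN=eth0 OUT= " + _MAC
                       + "SRC=203.0.113.5 DST=192.0.2.10" + _TAIL,
    # Log prefix without that string (assumed format), as in the thread.
    "prefix_without_tag": "net-fw DROP IN=eth0 OUT= " + _MAC
                          + "SRC=203.0.113.5 DST=192.0.2.10" + _TAIL,
    # IPv6 addresses contain no '.', which the pattern requires
    # between SRC= and DST=.
    "ipv6": "net-fw DROP IN=eth0 OUT= " + _MAC
            + "SRC=2001:0db8:0000:0000:0000:0000:0000:0005 "
            + "DST=2001:0db8:0000:0000:0000:0000:0000:0010" + _TAIL,
    # Kernel message that is not a Netfilter log entry.
    "unrelated": "usb 1-1: new high-speed USB device number 4 using xhci_hcd",
}


def matches_contains(msg: str) -> bool:
    """True if the substring filter would select this message."""
    return CONTAINS in msg


def matches_regex(msg: str) -> bool:
    """True if the regular-expression filter would select this message."""
    return NETFILTER_RE.search(msg) is not None


def compare(samples: dict) -> dict:
    """Map each sample name to (contains_result, regex_result)."""
    return {name: (matches_contains(m), matches_regex(m))
            for name, m in samples.items()}


if __name__ == "__main__":
    print(f"{'sample':<20} contains  regex")
    for name, (c, r) in compare(SAMPLES).items():
        print(f"{name:<20} {str(c):<9} {r}")
```

The `prefix_without_tag` row is the situation in the thread: the substring filter misses the line while the regular expression still selects it.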