On 02/11/2018 03:58 PM, Thomas wrote:
> Hi,
> 
> I have modified /etc/shorewall/shorewall.conf
> cat /etc/shorewall/shorewall.conf | grep log
> LOGFILE=/var/log/shorewall.log
> STARTUP_LOG=/var/log/shorewall-init.log
> 
> and defined a rsyslog config file
> cat /etc/rsyslog.d/40-shorewall.conf
> $template shorewall-template,"%timegenerated% %msg%\n"
> :msg, contains, "Shorewall:" -/var/log/shorewall.log;shorewall-template
> & ~
> 
> but Shorewall does not log anything in /var/log/shorewall.log after
> restarting shorewall and rsyslog.
> 
> The policy file is this:
> cat /etc/shorewall/policy
> #SOURCE DEST    POLICY  LOG LEVEL       BURST:LIMIT
> net     all     DROP    $LOG
> loc     all     REJECT  $LOG
> fb      dmz     REJECT  $LOG
> fb      loc     REJECT  $LOG
> dmz     all     REJECT  $LOG
> vpn     all     REJECT  $LOG
> $FW     all     ACCEPT  $LOG
> # THE FOLLOWING POLICY MUST BE LAST
> all     all     REJECT  $LOG
> 
> How can I correct this?
> 

With your LOG_PREFIX setting, the Netfilter messages generated by your
ruleset do not contain 'Shorewall:'. So you either need to change
LOG_PREFIX to contain that string, or you need to use a regular
expression to match those messages:

        'IN=.* OUT=.*SRC=.*\..*DST='

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

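To make the reply's point concrete, here is a small added Python check (not part of the thread, Shorewall, or rsyslog) that runs both filter expressions over constructed Netfilter messages: the substring filter only catches lines whose prefix contains "Shorewall:", while the regular expression from the reply matches every Netfilter log line regardless of LOG_PREFIX and leaves unrelated messages alone. The custom prefix "FW" and the sample addresses are made up for the example.

```python
import re

# Constructed sample values of the rsyslog "msg" property (not from the thread).
SAMPLE_MSGS = [
    # Netfilter line whose prefix contains "Shorewall:" (matched by the poster's filter)
    "Shorewall:net-all:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP "
    "SPT=40321 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0",
    # Same kind of line under a hypothetical custom LOG_PREFIX "FW": no "Shorewall:" in it
    "FW:net-all:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.7 DST=198.51.100.2 LEN=77 PROTO=UDP SPT=53 DPT=5353",
    # Forwarded packet with the custom prefix: OUT= is populated this time
    "FW:loc-dmz:REJECT:IN=eth1 OUT=eth2 SRC=192.0.2.10 DST=10.0.0.5 LEN=52 PROTO=TCP "
    "SPT=51000 DPT=443",
    # Unrelated messages that must not end up in shorewall.log
    "sshd[1234]: Accepted publickey for admin from 192.0.2.10 port 51234 ssh2",
    "usb 1-1: new high-speed USB device number 2 using xhci_hcd",
]

# The expression suggested in the reply, as rsyslog's ':msg, regex, "..."' would apply it.
NETFILTER_RE = re.compile(r"IN=.* OUT=.*SRC=.*\..*DST=")


def matches_contains(msg: str) -> bool:
    """Equivalent of the poster's ':msg, contains, "Shorewall:"' selector."""
    return "Shorewall:" in msg


def matches_regex(msg: str) -> bool:
    """Equivalent of ':msg, regex, "IN=.* OUT=.*SRC=.*\\..*DST="' from the reply."""
    return NETFILTER_RE.search(msg) is not None


def route(msgs, selector):
    """Return the messages the given selector would send to /var/log/shorewall.log."""
    return [m for m in msgs if selector(m)]


if __name__ == "__main__":
    print("contains filter matched:", len(route(SAMPLE_MSGS, matches_contains)))  # 1
    print("regex filter matched:   ", len(route(SAMPLE_MSGS, matches_regex)))     # 3
```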
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users