LinuxQuestions.org
Old 01-02-2011, 10:00 AM   #1
dman777
Member
 
Registered: Dec 2010
Distribution: Gentoo
Posts: 223

Rep: Reputation: 8
Using Rsyslog to redirect Shorewall messages but Shorewall is not a facility


I want to redirect Shorewall messages to a custom /var/log/firewall. Can that configuration be done in rsyslog.conf since Shorewall is not its own facility?
 
Old 01-02-2011, 12:01 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945
Not sure exactly where you are in what you're asking, but no, Shorewall can't have its own, named, facility. You should first find out what facility it is already using, assuming it is logging to syslog and not direct to a file. If that facility is good enough, then just reference that one, e.g. local4. If it's being used for multiple services, then change Shorewall to use something else.

Alternatively, you could use a different syslog service, e.g. syslog-ng, which can filter on other attributes such as string matches in the log data, not just fac and pri.
 
Old 01-02-2011, 01:37 PM   #3
dman777
Member
 
Registered: Dec 2010
Distribution: Gentoo
Posts: 223

Original Poster
Rep: Reputation: 8
Code:
2011-01-02T09:45:27.537541-06:00 localhost kernel: [103213.655724] Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.168.1.100 DST=64.16.64.209 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53430 DF PROTO=TCP SPT=48956 DPT=3946 WINDOW=5840 RES=0x00 SYN URGP=0
Reading the Shorewall documentation, it does use syslog.

If I am reading the above code correctly, it seems to be using the kernel facility. Is there a way I can filter out the Shorewall alone and redirect it to local4?

I will read more into rsyslog filtering; maybe I missed some action that I could use.

I choose rsyslog because it comes default with Red Hat and I am trying to get my RHCSA.

Last edited by dman777; 01-02-2011 at 01:53 PM.
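
For the question asked in this thread, an added example (not from any of the posters): rsyslog's property-based filters can match on message text rather than facility, so the kernel-facility line shown in post #3 can be routed to /var/log/firewall by its "Shorewall:" prefix. The drop-in file name is an assumption; the log path and prefix are taken from the posts above.

```conf
# /etc/rsyslog.d/10-shorewall.conf   (hypothetical file name)
# Assumes rsyslog.conf includes /etc/rsyslog.d/*.conf before its own
# kern.* and *.info rules. If it does not, put these lines directly in
# rsyslog.conf ABOVE those rules, because rules are evaluated top to bottom.

# --- Form 1: legacy property-based filter ---------------------------------
# Use "contains", not "startswith": in the line from post #3 the message
# begins with the kernel timestamp "[103213.655724] ", so the Shorewall
# prefix is not at the start of the msg property.
:msg, contains, "Shorewall:"    /var/log/firewall

# "&" attaches one more action to the same filter. Here it ends processing
# for the matched message so it is not also written to /var/log/messages
# or to the console by later rules.
& stop
# On older rsyslog releases that predate the "stop" keyword, use the
# discard action instead:
# & ~

# --- Form 2: RainerScript (rsyslog v7 and later) --------------------------
# Equivalent to Form 1, but additionally requires the kernel facility, so
# a userspace program that happens to log the string "Shorewall:" is not
# captured. Enable only one of the two forms.
#
# if $syslogfacility-text == 'kern' and $msg contains 'Shorewall:' then {
#     action(type="omfile" file="/var/log/firewall")
#     stop
# }
```

Check the syntax with `rsyslogd -N1` before restarting the daemon, and add /var/log/firewall to the log rotation configuration so the new file does not grow without bound.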
 
  

