Quote:
Originally Posted by marvin00001
I tried fwlogwatch but could not get that working.
|
You haven't post on LQ about that. What went wrong?
Quote:
Originally Posted by marvin00001
how to get logwatch working with shorewall logs.
|
Shorewall is nothing more than a firewall
management tool. By default firewall logging is done by the the in-kernel part of the firewall on Linux (called the Netfilter framework) and not Shorewall (using ULOG). Netfilter sends messages to syslogd. In /etc/syslog.conf is defined where those logs go. However Logwatch supports ulogd as well. Logwatch reporting is done by enabling the "iptables" service, files Logwatch reads to gather firewall logging are defined in (/usr/share/)logwatch/default.conf/services/iptables.conf and the actual parsing script is /usr/share/logwatch/scripts/services/iptables. To troubleshoot why something is not working you could make Logwatch process things more verbosely using the "--debug" switch. Also review what services you enabled in your logwatch.conf. If needed you can post contents (preferably in BB code tags) using something like 'grep -v ^# logwatch.conf|grep .' to weed out comments.