Old 01-02-2011, 10:00 AM   #1
Registered: Dec 2010
Distribution: Gentoo
Posts: 232

Using Rsyslog to redirect Shorewall messages but Shorewall is not a facility

I want to redirect Shorewall messages to a custom /var/log/firewall. Can that configuration be done in rsyslog.conf since Shorewall is not its own facility?
Old 01-02-2011, 12:01 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Not sure exactly where you are in what you're asking, but no, Shorewall can't have its own, named, facility. You should first find out what facility it is already using, assuming it is logging to syslog and not direct to a file. If that facility is good enough, then just reference that one, e.g. local4. If it's being used for multiple services, then change Shorewall to use something else.

Alternatively, you could use a different syslog service, e.g. syslog-ng, which can filter on other attributes such as string matches in the log data, not just fac and pri.
Old 01-02-2011, 01:37 PM   #3
Registered: Dec 2010
Distribution: Gentoo
Posts: 232

Original Poster
2011-01-02T09:45:27.537541-06:00 localhost kernel: [103213.655724] Shorewall:all2all:REJECT:IN= OUT=eth0 SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53430 DF PROTO=TCP SPT=48956 DPT=3946 WINDOW=5840 RES=0x00 SYN URGP=0
Reading the shorewall documentation, it does use syslog.

If I am reading the above code correctly, it seems to be using the kernel facility. Is there a way I can filter out the Shorewall messages alone and redirect them to local4?

I will read more into rsyslog filtering maybe I missed some action that I could use.

I chose rsyslog because it comes default with Red Hat and I am trying to get my RHCSA.

Last edited by dman777; 01-02-2011 at 01:53 PM.
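
An added example, not part of the original thread: rsyslog can select on message text as well as on facility and priority, so the Shorewall lines can be split out of the kern facility without giving Shorewall a facility of its own. It assumes the "Shorewall:" prefix seen in the log line quoted above and the /var/log/firewall path from the question.

```conf
# /etc/rsyslog.conf fragment (constructed example).
# Place it ABOVE the default rules such as "*.info ... /var/log/messages"
# so that it is evaluated first.

# Option 1: legacy property-based filter on the message text.
# "contains" is used rather than "startswith": with kernel timestamps
# enabled the message begins with "[103213.655724] ", not "Shorewall:",
# so a startswith match would silently never fire.
:msg, contains, "Shorewall:"    /var/log/firewall

# Discard what the previous filter matched, so the same line is not also
# written to /var/log/messages or the console by the rules further down.
# rsyslog releases from 2011 spell this "& ~"; v7 and later use "& stop".
& ~

# Option 2 (use INSTEAD of option 1): expression-based filter that also
# requires the kern facility, so a userspace program that happens to log
# the string "Shorewall:" is not swept into the firewall log.
#if $syslogfacility-text == 'kern' and $msg contains 'Shorewall:' then /var/log/firewall
#& ~
```

`rsyslogd -N1` checks the configuration syntax before the service is restarted.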

