On Wednesday, January 17, 2007 @ 8:24 PM, Darryl Gregorash wrote:
On 2007-01-17 17:40, Greg Wallace wrote:
On Wednesday, January 17, 2007 @ 4:30 PM, Darryl Gregorash wrote:
On 2007-01-17 15:24, Greg Wallace wrote:
<snip>
Linux kernel: SFW2-IN-ACC-RELATED IN eth0 ^^^
This is firewall logging. Why it is in /var/log/messages is a mystery, I may have found it. Try this:
grep SFW2 /var/log/messages | grep IN=
Thousands of lines of output
Then this:
grep IN= /etc/syslog-ng/syslog-ng.conf.in
No such file or directory
The second command will probably output a line like this:
filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };
However, in the log entry you posted, the text is "IN", not "IN=". No match, so subsequent rules dump the entry to /var/log/messages. This is possibly a bug in the iptables logging module, ipt_LOG, for that kernel version.
That was a typo on my part. Instead of IN eth0 it should have been IN=eth0.
BTW, what is the result of this:
ls -l /var/log/firewall
ls: cannot access /var/log/firewall: No such file or directory
Maybe that's the problem. There is no separate log file set up for the firewall so all of the firewall messages get dumped into messages. Is there somewhere where you can define a specific separate log file for firewall messages?
If it is zero size, or doesn't exist at all, you can just edit /etc/syslog-ng/syslog-ng.conf.in to read "IN " vs. "IN=", run 'SuSEconfig --module syslog-ng', and carry on (until the hiccup is fixed, then you'd have to reverse the change :-) ). Note: edit the .conf.in file, not the .conf file, or you will lose the changes when suseconfig is run.
Greg W
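
Added example, not part of the original thread: a syslog-ng fragment showing how a filter like the f_iptables line quoted above is paired with a destination and a log statement, so that firewall entries go to /var/log/firewall and stay out of /var/log/messages. Only the f_iptables filter line comes from the thread; the source name src, the destination names and the f_messages filter are assumptions for illustration and must match whatever the local configuration already defines.

```conf
# Assumed: a source named "src" is already defined elsewhere in the file
# and carries the kernel messages.

# Filter quoted in the thread: kernel-facility messages whose text
# contains both "IN=" and "OUT=" (the fields the iptables LOG target writes).
filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };

# Hypothetical catch-all filter that excludes whatever f_iptables matched,
# so firewall entries are not written a second time to the general log.
filter f_messages { not filter(f_iptables); };

# Destinations (names are assumptions; the paths are the ones discussed above).
destination firewall { file("/var/log/firewall"); };
destination messages { file("/var/log/messages"); };

# Route firewall entries to their own file ...
log { source(src); filter(f_iptables); destination(firewall); };

# ... and everything else to the general log.
log { source(src); filter(f_messages); destination(messages); };
```

If the filter exists but no log statement references it with a destination, or the catch-all filter does not exclude it, the SFW2 lines still end up in /var/log/messages.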