Mailinglist Archive: opensuse (4626 mails)

Re: [opensuse] syslog stuff
  • From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
  • Date: Wed, 17 Jan 2007 20:24:21 -0600
  • Message-id: <45AEDA55.5080602@xxxxxxxxxxxxx>
On 2007-01-17 17:40, Greg Wallace wrote:
> On Wednesday, January 17, 2007 @ 4:30 PM, Darryl Gregorash wrote:
>
>
>> On 2007-01-17 15:24, Greg Wallace wrote:
>>
>> <snip>
>>>
>>> Linux kernel: SFW2-IN-ACC-RELATED IN eth0
>>> ^^^
>>>
>
>
>> This is firewall logging. Why it is in /var/log/messages is a mystery,

I may have found it. Try this:

grep SFW2 /var/log/messages | grep IN=

Then this:

grep IN= /etc/syslog-ng/syslog-ng.conf.in

The second command will probably output a line like this:
filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };

However, in the log entry you posted, the text is "IN", not "IN=". No
match, so subsequent rules dump the entry to /var/log/messages. This is
possibly a bug in the iptables logging module, ipt_LOG, for that kernel
version.

BTW, what is the result of this:
ls -l /var/log/firewall

If it is zero size, or doesn't exist at all, you can just edit
/etc/syslog-ng/syslog-ng.conf.in to read "IN " vs. "IN=", run
'SuSEconfig --module syslog-ng', and carry on (until the hiccup is
fixed, then you'd have to reverse the change :-) ). Note: edit the
.conf.in file, not the .conf file, or you will lose the changes when
SuSEconfig is run.

--
The best way to accelerate a computer running Windows is at 9.81 m/s²
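
The filter behaviour described in the message above, as an added example that is not part of the original post: a shell approximation of the quoted f_iptables filter, run over constructed log lines to show which ones reach the firewall log and which fall through to /var/log/messages, with both the original "IN=" pattern and the edited "IN " pattern. The function names, the sample lines, and the use of the "kernel:" tag as a stand-in for facility(kern) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Approximates
#   filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };
# Assumption: the "kernel:" tag stands in for facility(kern), since the
# facility is not visible in the text of a written log line.

# route_line LINE [IN_PATTERN] [OUT_PATTERN]
# Prints "firewall" if LINE passes the filter, otherwise "messages".
route_line() {
    case $1 in *"kernel: "*) ;; *) echo messages; return ;; esac
    case $1 in *"${2:-IN=}"*) ;; *) echo messages; return ;; esac
    case $1 in *"${3:-OUT=}"*) echo firewall ;; *) echo messages ;; esac
}

# count_fallthrough [IN_PATTERN] [OUT_PATTERN]
# Reads log lines on stdin; prints how many SFW2 lines miss the filter
# and would therefore be written to /var/log/messages.
count_fallthrough() {
    n=0
    while IFS= read -r l; do
        case $l in *SFW2*) ;; *) continue ;; esac
        if [ "$(route_line "$l" "$@")" = messages ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed sample lines (not taken from the thread): a well-formed entry,
# one with "IN " in place of "IN=" (other fields assumed unchanged), and an
# unrelated entry.
GOOD='Jan 17 15:24:01 linux kernel: SFW2-IN-ACC-RELATED IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1'
ODD='Jan 17 15:24:02 linux kernel: SFW2-IN-ACC-RELATED IN eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1'
OTHER='Jan 17 15:24:03 linux sshd[1234]: Accepted publickey for user'
SAMPLE_LOG=$(printf '%s\n' "$GOOD" "$ODD" "$OTHER")

# Show the destination of each line under the original and edited pattern.
printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r l; do
    printf '%-8s (IN=)  %-8s (IN )  %s\n' \
        "$(route_line "$l")" "$(route_line "$l" 'IN ')" "$l"
done
```

With the edited "IN " pattern the well-formed "IN=" entry is the one that falls through, which is why the edit has to be reversed once the log format is back to normal.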
