Mailinglist Archive: opensuse (4626 mails)

< Previous Next >
RE: [opensuse] syslog stuff
On Wednesday, January 17, 2007 @ 8:24 PM, Darryl Gregorash wrote:

>On 2007-01-17 17:40, Greg Wallace wrote:
>> On Wednesday, January 17, 2007 @ 4:30 PM, Darryl Gregorash wrote:
>>
>>
>>> On 2007-01-17 15:24, Greg Wallace wrote:
>>>
>>> <snip>
>>>>
>>>> Linux kernel: SFW2-IN-ACC-RELATED IN eth0
>>>> ^^^
>>>>
>>
>>
>>> This is firewall logging. Why it is in /var/log/messages is a mystery,
>I may have found it. Try this:

>grep SFW2 /var/log/messages | grep IN=

Thousands of lines of output

>Then this:

>grep IN= /etc/syslog-ng/syslog-ng.conf.in

No such file or directory

>The second command will probably output a line like this:
>filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };

>However, in the log entry you posted, the text is "IN", not "IN=". No
>match, so subsequent rules dump the entry to /var/log/messages. This is
>possibly a bug in the iptables logging module, ipt_LOG, for that kernel
>version.

That was a typo on my part. Instead of IN eth0 it should have been IN=eth0.

>BTW, what is the result of this:
>ls -l /var/log/firewall

ls: cannot access /var/log/firewall: No such file or directory

Maybe that's the problem. There is no separate log file set up for the
firewall so all of the firewall messages get dumped into messages. Is there
somewhere where you can define a specific separate log file for firewall
messages?

>If it is zero size, or doesn't exist at all, you can just edit
>/etc/syslog-ng/syslog-ng.conf.in to read "IN " vs. "IN=", run
>'SuSEconfig --module syslog-ng', and carry on (until the hiccup is
>fixed, then you'd have to reverse the change :-) ). Note: edit the
>.conf.in file, not the .conf file, or you will lose the changes when
>suseconfig is run.

Greg W


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread