Firewall log and syslogd
Hi to all,

I got the SuSEfirewall2 customized as I desired. But now for the logging: the messages are kept in three files:

/var/log/messages
/var/log/firewall
/var/log/warn

I banned the firewall messages from /var/log/warn in syslogd.conf with

*.*;mail.none;news.none;kern.none -/var/log/messages

as every kernel message is kept in /var/log/firewall with

kern.* -/var/log/firewall

But for /var/log/warn the entries are

*.=warn;*.=err -/var/log/warn
*.crit /var/log/warn

How can I ban the kern.crit messages from this last log?

*.crit;kern.!=crit /var/log/warn

seems not to work...

Thanks for an answer,
Dirk
On Wednesday 12 March 2003 18:51, Dirk Borchers wrote:
> Hi to all,
>
> I got the SuSEfirewall2 customized as I desired. But now for the logging: the messages are kept in three files:
> /var/log/messages /var/log/firewall /var/log/warn
>
> I banned the firewall messages from /var/log/warn in syslogd.conf with
> *.*;mail.none;news.none;kern.none -/var/log/messages
> as every kernel message is kept in /var/log/firewall with
> kern.* -/var/log/firewall
>
> But for /var/log/warn the entries are
> *.=warn;*.=err -/var/log/warn
> *.crit /var/log/warn
> How can I ban the kern.crit messages from this last log?
> *.crit;kern.!=crit /var/log/warn
> seems not to work...

The loglevel for firewall is warn not crit.

Because loglevel warn is also used for many other things I used the loglevel notice to log firewall messages. My setup is different because I wanted the firewall message also in messages but I think the following should work for you.

Change the --log-level to notice in the FW_LOG line of firewall2.rc.config file and in syslogd.conf change the line:

kern.* -/var/log/firewall

to

kern.=notice -/var/log/firewall

I don't know if it matters but perhaps the above line should be before the line which logs things to /var/log/messages.

--
GertJan
Email address is invalid, so don't reply directly, I'm on the list.
Hi all,
I've set up SuSEFW2 (8.0) as follows:
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.0.0/24"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SAMBA="yes"
Other features are unchanged or default.
The clients got an IP address from the dhcp but they can't access the
samba services or internet. If I disable one of the interfaces,
everything works fine. Now I'm not sure if this is an FW issue. I've
changed the eth1 thinking it was problematic but still nothing. The
server is a Dell PowerEdge 2600SC, eth0 is integrated.
Any ideas?
Thanx
Hi
I am not sure but should FW_DEV_EXT="eth0" not be FW_DEV_EXT="ppp0"?
I do not use the SuSEFW2.
Ian
Miguel Albuquerque
> Hi all,
>
> I've set up SuSEFW2 (8.0) as follows:
>
> FW_DEV_EXT="eth0"
> FW_DEV_INT="eth1"
> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_NETS="192.168.0.0/24"
> FW_SERVICE_DHCPD="yes"
> FW_SERVICE_SAMBA="yes"
>
> Other features are unchanged or default.
>
> The clients got an IP address from the dhcp but they can't access the samba services or internet. If I disable one of the interfaces, everything works fine. Now I'm not sure if this is an FW issue. I've changed the eth1 thinking it was problematic but still nothing. The server is a Dell PowerEdge 2600SC, eth0 is integrated.
>
> Any ideas?
>
> Thanx
On Sun, 2003-03-16 at 16:34, ian@the-laws-clan.de wrote:
> Hi
>
> I am not sure but should FW_DEV_EXT="eth0" not be FW_DEV_EXT="ppp0"?
> I do not use the SuSEFW2.

The gateway is an ADSL router, I'm understanding (and doing the same at
home) FW_DEV_EXT="eth0" works fine.
On Sunday 16 March 2003 16:13, Miguel Albuquerque wrote:
> Hi all,
>
> I've set up SuSEFW2 (8.0) as follows:
>
> FW_DEV_EXT="eth0"
> FW_DEV_INT="eth1"
> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_NETS="192.168.0.0/24"
> FW_SERVICE_DHCPD="yes"
> FW_SERVICE_SAMBA="yes"

Did you read the comment in the SuSEfirewall2 config, it says you also have to open port 139, have you done that?

> Other features are unchanged or default.
>
> The clients got an IP address from the dhcp but they can't access the samba services or internet. If I disable one of the interfaces,

For samba see above. Can the clients ping an internet IP-address directly? If so it's probably a DNS problem. Exactly what do you mean by disabling one of the interfaces?

> everything works fine. Now I'm not sure if this is an FW issue. I've changed the eth1 thinking it was problematic but still nothing. The server is a Dell PowerEdge 2600SC, eth0 is integrated.
>
> Any ideas?

--
GertJan
Email address is invalid, so don't reply directly, I'm on the list.
Hi GertJan,
> > I got the SuSEfirewall2 customized as I desired. But now for the logging: the messages are kept in three files:
> > /var/log/messages /var/log/firewall /var/log/warn
> >
> > I banned the firewall messages from /var/log/warn in syslogd.conf with
> > *.*;mail.none;news.none;kern.none -/var/log/messages
> > as every kernel message is kept in /var/log/firewall with
> > kern.* -/var/log/firewall
> >
> > But for /var/log/warn the entries are
> > *.=warn;*.=err -/var/log/warn
> > *.crit /var/log/warn
> > How can I ban the kern.crit messages from this last log?
> > *.crit;kern.!=crit /var/log/warn
> > seems not to work...
>
> The loglevel for firewall is warn not crit

That's a good hint. I changed two lines in syslog.conf to:

*.=warn;kern.!=warn;*.=err -/var/log/warn
*.crit /var/log/warn

And so I got what I desired! Nevertheless I will try syslog-ng (when I've got time...).

Thanks,
Dirk
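
Why the first attempt left the firewall entries in /var/log/warn and the final rule removed them, as an added example that is not part of the original thread: a simplified Python model of sysklogd-style selector evaluation. It assumes the syslogd in use follows the classic syslog.conf(5) selector rules; `compile_field`, `file_gets` and the rule-set names are hypothetical, and the kern.warn firewall message is a constructed case.

```python
# Added illustration (not from the thread): simplified model of how a
# sysklogd-style syslogd evaluates one selector field, left to right.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
# Assumption: local0..local7 are left out to keep the model short.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog",
              "lpr", "news", "uucp", "cron", "authpriv", "ftp"]

def prio_num(name):
    return PRIORITIES.index(ALIASES.get(name, name))

def compile_field(field):
    """Return {facility: set of accepted priority numbers} for one field."""
    mask = {f: set() for f in FACILITIES}
    for selector in field.split(";"):
        facs, prio = selector.strip().split(".", 1)
        negate = prio.startswith("!")
        prio = prio[1:] if negate else prio
        exact = prio.startswith("=")
        prio = prio[1:] if exact else prio
        if prio == "none":          # "none" clears everything for the facility
            levels, negate = set(range(8)), not negate
        elif prio == "*":
            levels = set(range(8))
        elif exact:                 # "=warn": that priority only
            levels = {prio_num(prio)}
        else:                       # "crit": crit and everything more severe
            levels = set(range(prio_num(prio) + 1))
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            # Later selectors overwrite earlier ones for the facilities they name.
            mask[fac] = mask[fac] - levels if negate else mask[fac] | levels
    return mask

def file_gets(rules, facility, priority):
    """True if any rule line for the file accepts facility.priority."""
    return any(prio_num(priority) in compile_field(r)[facility] for r in rules)

# Rule sets for /var/log/warn as quoted in the thread.
ORIGINAL = ["*.=warn;*.=err", "*.crit"]
ATTEMPT = ["*.=warn;*.=err", "*.crit;kern.!=crit"]
FIXED = ["*.=warn;kern.!=warn;*.=err", "*.crit"]

if __name__ == "__main__":
    # Constructed case: a firewall packet log arrives as kern.warn.
    for name, rules in (("original", ORIGINAL), ("attempt", ATTEMPT), ("fixed", FIXED)):
        print(name, file_gets(rules, "kern", "warn"), file_gets(rules, "kern", "crit"))
```

Under this model the final rules still deliver kern.err and kern.crit to /var/log/warn; only kernel messages at exactly warn are dropped from it.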
participants (4)
- Dirk Borchers
- GertJan Spoelman
- ian@the-laws-clan.de
- Miguel Albuquerque