Gentoo Forums
{Solved} Shorewall massive logs.
xante
Apprentice


Joined: 23 Aug 2004
Posts: 229

Posted: Sun Feb 05, 2006 2:54 am    Post subject: {Solved} Shorewall massive logs.

Shorewall does output quite a bit of a log after a couple of hours; in a day of logging my log came close to 4 gigs. I think that's a bit excessive, but I can't quite figure out how to lower the log level. I changed all log level entries I could find in both /etc/shorewall/shorewall.conf and /etc/shorewall/policy to emerg, and yet /var/log/messages still receives an excessive amount of logs (and watching /dev/tty12, the text scrolls by extremely quickly). I'm using syslog-ng and can disable logging to /var/log/messages, but this isn't what I want. I just want there to be fewer logs all around. Thank you for your time.

Last edited by xante on Sat Feb 18, 2006 12:35 pm; edited 1 time in total
jpl888
Guru


Joined: 13 Apr 2005
Posts: 337
Location: Piltown, Co. Kilkenny, Ireland.

Posted: Sun Feb 05, 2006 8:30 am

You can set logging levels based on your rules and policies. Is it possible you have logging enabled on all rules and policies thus the excessive logging?
magic919
Advocate


Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK

Posted: Sun Feb 05, 2006 9:23 am

Set up filters in syslog-ng to rid your logs of the unwanted stuff. It will stop certain bits from hitting the logs.

Like for mail I use

Code:

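# Mail-facility messages go to their own world-readable file.
destination mail { file("/var/log/maillog" perm(0644) ); };

# Keep mail-facility messages, but drop any that contain "Login".
filter f_mail { facility(mail) and not match("Login"); };

log { source(src); filter(f_mail); destination(mail); };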



That means I get the stuff Postfix is up to and my anti-spam but not POP and IMAP logins.
xante
Apprentice


Joined: 23 Aug 2004
Posts: 229

Posted: Tue Feb 07, 2006 5:39 am

You were correct in saying that filters would fix the problem. I copied and pasted the default off of the Gentoo security page and it was working fine; unbeknownst to me, when I was editing some of the syslog-ng.conf file (parts I didn't need), I removed the filtering section altogether. Thank you for your help.
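The filter approach from this thread applied to the Shorewall messages themselves, as an added example that is not taken from any of the posts above. It assumes Shorewall's default log prefix "Shorewall:", the source name src used in the mail example, and destinations for /var/log/messages and /dev/tty12 as mentioned in the first post; the file name /var/log/firewall.log is a hypothetical choice.

```conf
# Added example (not from the thread): keep firewall packet logs out of
# /var/log/messages and /dev/tty12 without discarding them.
# Assumptions: Shorewall's default log prefix "Shorewall:" and a source
# named "src" that includes kernel messages.

# Firewall hits get their own file, readable by root only.
destination firewall    { file("/var/log/firewall.log" perm(0600)); };
destination messages    { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };

# Netfilter LOG lines arrive on the kern facility with the Shorewall prefix.
filter f_shorewall     { facility(kern) and match("Shorewall:"); };
# Everything else; referencing the first filter keeps the two in sync.
filter f_not_shorewall { not filter(f_shorewall); };

# Firewall lines go only to firewall.log.
log { source(src); filter(f_shorewall);     destination(firewall); };
# The general log and the console see everything except firewall lines.
log { source(src); filter(f_not_shorewall); destination(messages); };
log { source(src); filter(f_not_shorewall); destination(console_all); };
```

This only changes where the lines land; the volume written is still set by which Shorewall rules and policies carry a log level, so /var/log/firewall.log needs rotation like any other log.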