Re: Re: firehol logging to console
FireHOL logs the messages which were dropped even if the request was
okay, but it was dropped - for example - because the client did not send
back the reply in time. This happens often with TCP, because the clients
should send back their reply _immediately_ after receiving the answer
from your machine running firehol.
Here we come to the firehol loglevel parameter you may set in the
firehol config file to get rid of the messages. On any Debian GNU/Linux
machine the loglevel is set to 'warning', matching the iptables
responses given back to the kernel - this is why those
firewall comments are put in the syslog, stored in /var/log/messages and
can be seen in dmesg.
In my opinion you don't need to get 'warned' by messages in syslog which
were dropped, because this is the use case for a firewall, isn't it?
The easiest way to get rid of it is to add
FIREHOL_LOG_LEVEL="<new loglevel>"
with the new value which is useful for you to your firehol.conf.
(/me uses "error")
loglevel system:
  debug  - if your firewall does not work properly. You get lots of entries!
  info   - just informs you what's going on. Still lots of messages.
  notice - normal, but many significant statements.
  error  - this makes sense for me. Silence in your syslog until
           something really ugly happens!
  crit   - well, if you get critical messages you should turn your
           firewall off :-P
  emerg  - it's not useful to set your loglevel to this, because
           your system is already unusable.
If you're still sure you want a logfile for your firewall of your own, I
found a tutorial here:
http://lists.debian.org/debian-firewall/2004/05/msg00166.html
This solution uses ULOG (deprecated) and your kernel needs to support it!
Append these lines to your firehol.conf:
FIREHOL_LOG_MODE="ULOG"
FIREHOL_LOG_LEVEL="--log-level warning"
FIREHOL_LOG_OPTIONS="--log-tcp-options --log-ip-options"
FIREHOL_LOG_FREQUENCY="1/second"
#FIREHOL_LOG_FREQUENCY="30/minute"
#FIREHOL_LOG_BURST="5"
FIREHOL_LOG_BURST="2"
Restart your firehol and your iptables messages will be stored
in /var/log/ulog/syslogemu.log
(never tested this one, it's nonsense for me)
Please read the fine documentation at
http://firehol.sourceforge.net/commands.html#loglimit
for further reference.
With RedHat Linux you have a bit more trouble with this issue, but this
is a Debian resource here, isn't it ;-)
RATE this package there:
http://freshmeat.net/rate/30942/
It's very, very useful IMHO and most people don't know about FireHOL and
get brainfucked when trying to set up a firewall - but it can't be
easier if you know what to use to build up your iptables rules...
Kind regards from Germany,
SMut
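As an added example, not part of the original post and not FireHOL's own code: a small POSIX shell script that sorts iptables LOG lines (the lines FireHOL's log rules send to syslog) into late TCP replies for connections the firewall has already forgotten, which the post describes as the bulk of the noise, and genuine new connection attempts worth keeping at a higher log level. The sample log lines, addresses and ports are constructed for the example; the "IN-unknown:" prefix and field layout are assumed to follow the iptables LOG target format.

```shell
#!/bin/sh
# Added example, not from the original post: classify iptables LOG lines
# (the lines FireHOL's log rules send to syslog) so that late TCP replies
# for connections the firewall has already forgotten can be told apart
# from genuine new connection attempts before choosing a log level.
# All lines below are constructed; the "IN-unknown:" prefix and field
# layout are assumed to follow the iptables LOG target format.

SAMPLE_LOG='Jan 10 10:00:01 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=51234 WINDOW=0 RES=0x00 ACK RST URGP=0
Jan 10 10:00:02 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1234 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 10:00:03 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=77 DF PROTO=TCP SPT=443 DPT=51234 WINDOW=501 RES=0x00 ACK FIN URGP=0
Jan 10 10:00:04 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.11 DST=198.51.100.2 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=58
Jan 10 10:00:05 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1235 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 10:00:06 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=51235 WINDOW=65160 RES=0x00 ACK SYN URGP=0'

# Print the constructed sample, one log line per line.
sample_lines() { printf '%s\n' "$SAMPLE_LOG"; }

# Extract one KEY=value field from a log line ($1 = line, $2 = key).
# Prints the value, or nothing if the key is absent.
field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]:]$2=\([^[:space:]]*\).*/\1/p"
}

# Classify one log line as late-reply, new-attempt, or other.
# iptables prints TCP flags in the order ... ACK PSH RST SYN FIN, so a
# late SYN-ACK shows up as "ACK SYN" and must be tested for ACK first.
classify_line() {
    line=$1
    proto=$(field "$line" PROTO)
    if [ "$proto" = TCP ]; then
        case " $line " in
            *" ACK "*)           echo late-reply ;;   # part of a connection the firewall no longer tracks
            *" SYN "*)           echo new-attempt ;;  # bare SYN: someone opening a new connection
            *" RST "*|*" FIN "*) echo late-reply ;;   # teardown for a forgotten connection
            *)                   echo other ;;
        esac
    else
        echo other                                    # UDP, ICMP and anything without PROTO=TCP
    fi
}

# Classify every line read from stdin, one class per line.
classify_all() {
    while IFS= read -r l; do classify_line "$l"; done
}

# Count how many sample lines fall into the given class.
count_class() {
    sample_lines | classify_all | grep -c -x "$1" || true
}

# List destination ports of new connection attempts, most frequent first,
# as "PORT COUNT" (the ports a log-level change would hide).
top_new_ports() {
    sample_lines | while IFS= read -r l; do
        if [ "$(classify_line "$l")" = new-attempt ]; then field "$l" DPT; fi
    done | sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# Stand-alone usage: summarise the constructed sample.
for c in late-reply new-attempt other; do
    printf '%-12s %s\n' "$c" "$(count_class "$c")"
done
printf 'new attempts by destination port:\n'
top_new_ports
```

On a real box you would feed `grep 'IN-unknown:' /var/log/messages` into `classify_all` instead of the constructed sample; if nearly everything comes out as late-reply, raising FIREHOL_LOG_LEVEL as the post suggests costs you little, while a steady stream of new-attempt lines on one port is the kind of entry worth keeping in syslog.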