User Tools

Site Tools


Shorewall custom logging

Custom log file

To log events created by Shorewall in a custom file called “firewall.log” in /var/log directory first edit the /etc/shorewall/shorewall.conf file. Edit this line:


Actual logging is managed by rsyslog daemon. Create a new file called “firewall.conf” in /etc/rsyslog.d/ and add this:

Debian 7 & 8

:msg, contains, "Shorewall:" -/var/log/firewall.log
& ~

Debian 9

From new version of rsyslog (8.4.2, on Debian 9) use “stop” instead of tilda:

:msg, contains, "Shorewall:" -/var/log/firewall.log
& stop

Now restart rsyslog service and shorewall

Set up firewall.log rotation

Create the file /etc/logrotate.d/firewall and put this in it:

/var/log/firewall.log {
        rotate 4

Don't forget to check if startup is enabled in /etc/default/shorewall[6]

Tested on

  • Debian 9,10

See also

wiki/shorewall_custom_logging.txt · Last modified: 2022/03/04 13:28 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki