antisaWiki

User Tools

Site Tools

Trace: shorewall_custom_logging
wiki:shorewall_custom_logging

This is an old revision of the document!

Table of Contents

, ,

Shorewall custom logging

Custom log file

To log events created by Shorewall in a custom file called “firewall.log” in /var/log directory first edit the /etc/shorewall/shorewall.conf file. Edit this line: 

LOGFILE=/var/log/firewall.log

Actual logging is managed by rsyslog daemon. Create a new file called “firewall.conf” in /etc/rsyslog.d/ and add this:

Debian 7 & 8

:msg, contains, "Shorewall:" -/var/log/firewall.log
& ~

Debian 9

From new version of rsyslog (8.4.2, on Debian 9) use “stop” instead of tilda: 

:msg, contains, "Shorewall:" -/var/log/firewall.log
& stop

Now restart rsyslog service and shorewall

Set up firewall.log rotation

Create the file /etc/logrotate.d/firewall and put this in it: 

/var/log/firewall.log {
        rotate 4
        weekly
        missingok
        notifempty
        delaycompress
        compress
}

Don't forget to check if startup is enabled in /etc/default/shorewall[6]

wiki/shorewall_custom_logging.1610370938.txt.gz · Last modified: 2021/01/11 14:15 by antisa
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki