lire and shorewall
Juergen Fiedler
juergen at fiedlerfamily.net
Mon Oct 31 16:42:17 CET 2005
Thanks for your help!
I guess I'll check out the new version of IptablesDlfConverter.pm and
remove the section pertaining to messages from the report template -
that should do the trick :)
Thanks,
--j
On Mon, Oct 31, 2005 at 04:08:40PM +0100, Wytze van der Raay wrote:
> Hi Juergen,
>
> > ...
> > The problem I'm having is that I get many headers with no usable
> > output; only the sections pertaining to dropped connections show
> > something, e.g.:
> >
> >
> >> Messages Reports
> >> ----------------
> >>
> >> Top 15 Messages
> >>
> >> No content in report.
>
> This section is empty because there are no "messages" in your firewall log
> (iptables). The DLF converter for iptables only parses for accepted or
> rejected traffic, since there isn't anything else in a typical iptables log.
>
>
> >> ...
> >> Volume's Traffic Reports
> >> ------------------------
> >>
> >> Applied filter in this section: permitted events
> >>
> >> Volume by Rule
> >>
> >> No content in report.
>
> This is due to a bug in the DLF converter for iptables in the Lire 2.0.1
> release. There is a fixed version in the CVS tree:
>
> RCS file: /cvsroot/logreport/service/firewall/lib/IptablesDlfConverter.pm,v
> Working file: IptablesDlfConverter.pm
> head: 1.11
> branch:
> locks: strict
> access list:
> symbolic names:
> release-2_0_1: 1.9
> release-2_0: 1.9
> release-2_0rc1: 1.9
> release-1_5: 1.8
> merged-20030821: 1.3
> lire_1_3_branch: 1.3.0.2
> release-1_3: 1.3
> keyword substitution: kv
> total revisions: 11; selected revisions: 11
> description:
> ----------------------------
> revision 1.11
> date: 2005/02/14 11:07:33; author: wraay; state: Exp; lines: +8 -4
> Add support for proper labeling of traffic permitted by the firewall,
> by adding a matching regular expression for 'permitted' similar to the
> one for 'denied'.
> Update the documentation (LIMITATIONS section) accordingly.
> ----------------------------
>
> You can substitute the CVS version of this file in your running system,
> and it should work then.
>
> >> Denied Packets Reports
> >> ----------------------
> >>
> >> Applied filter in this section: denied events
> >>
> >> Packets by Rule
> >>
> >> Rule Packets % Total
> >> -------------------------------------------------------- ------- -------
> >> Shorewall:dropInvalid:DROP: 1 0.0
> >> Shorewall:net2fw:DROP: 5 0.1
> >>[...]
>
> I suppose this one conforms more or less to your expectations.
>
> > I guess I expected the fact that I am logging accepted packages as well
> > as dropped ones to add some information to the empty sections, but that
> > doesn't seem to be the case.
>
> Partly because there isn't any, partly due to a bug in Lire 2.0.1, both
> as explained above.
>
> > I am using shorewall 2.2.3-2 and lire 2.0.1-4. It seems likely that this
> > is an iptables issue in general, not related to shorewall, but I thought
> > I'd mention the fact that I am using it, just in case there are known issues
> > with the way it tags log messages.
> >
> > I am using shorewall 2.2.3-2 and lire 2.0.1-4. Does anyone know what I
> > can do to get some more information out of my logs? Any input would be
> > appreciated.
>
> I hope the above is helpful,
> Wytze van der Raay
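As an added illustration (not part of the original thread and not Lire's own code), the sketch below models the behaviour discussed above: a converter that only labels denied packets leaves the "permitted events" sections empty even when accepted packets are logged. The log lines are constructed samples using the `Shorewall:<chain>:<disposition>:` prefix shown in the report; the regular expression, the disposition sets and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: kernel log lines carrying the Shorewall log prefix
# "Shorewall:<chain>:<disposition>:" that appears in the report above.
SAMPLE_LOG = """\
Oct 31 16:00:01 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=4242 DPT=22
Oct 31 16:00:02 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 PROTO=TCP SPT=1042 DPT=445
Oct 31 16:00:03 gw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=198.51.100.3 PROTO=TCP SPT=3311 DPT=80
Oct 31 16:00:04 gw kernel: Shorewall:dropInvalid:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=80 DPT=5123
Oct 31 16:00:05 gw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= SRC=10.0.0.9 DST=10.0.0.1 PROTO=UDP SPT=137 DPT=137
Oct 31 16:00:06 gw sshd[311]: Accepted publickey for admin from 10.0.0.7
"""

# Hypothetical pattern (not Lire's): capture the prefix and its last field.
# Reading the disposition from its own field avoids mislabeling a chain such
# as "dropInvalid" just because its name contains the word "drop".
PREFIX_RE = re.compile(
    r"kernel: (?P<rule>Shorewall:[^:\s]+:(?P<disp>[^:\s]+):)IN=")
DENIED = {"DROP", "REJECT"}   # assumed set of denying dispositions
PERMITTED = {"ACCEPT"}        # assumed set of permitting dispositions

def classify(disposition, match_permitted=True):
    """Return the action label a report filter would select on."""
    if disposition in DENIED:
        return "denied"
    if match_permitted and disposition in PERMITTED:
        return "permitted"
    return "unlabeled"  # neither filtered section will count this packet

def packets_by_rule(log_text, match_permitted=True):
    """Count packets per rule prefix, grouped by action label."""
    counts = {"denied": Counter(), "permitted": Counter(), "unlabeled": Counter()}
    for line in log_text.splitlines():
        m = PREFIX_RE.search(line)
        if m is None:
            continue  # not a Shorewall packet record (e.g. the sshd line)
        counts[classify(m["disp"], match_permitted)][m["rule"]] += 1
    return counts

if __name__ == "__main__":
    for match_permitted in (False, True):
        print(f"match_permitted={match_permitted}")
        for label, rules in packets_by_rule(SAMPLE_LOG, match_permitted).items():
            for rule, n in rules.most_common():
                print(f"  {label:<10} {rule:<30} {n}")
```

With `match_permitted=False` the ACCEPT record lands in `unlabeled`, so a section filtered on permitted events has nothing to show while the denied counts are unchanged.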