SHOREWALL-LOGGING(5)          Configuration Files         SHOREWALL-LOGGING(5)

NAME

       logging - Shorewall logging

SYNOPSIS

       action:level

       NFLOG(nflog-parameters)

       ULOG(ulog-parameters)

DESCRIPTION

       The disposition of packets entering a Shorewall firewall is determined
       by one of a number of Shorewall facilities. Only some of these
       facilities permit logging.

        1. The packet is part of an established connection. While the packet
           can be logged using LOG rules in the ESTABLISHED section of
           /etc/shorewall/rules[1], that is not recommended because of the
           large amount of information that may be logged.

        2. The packet represents a connection request that is related to an
           established connection (such as a data connection associated with
           an FTP control connection[2]). These packets may be logged using
           LOG rules in the RELATED section of shorewall-rules(5)[1].

        3. The packet is rejected because of an option in shorewall.conf(5)[3]
           or shorewall-interfaces(5)[4]. These packets can be logged by
           setting the appropriate logging-related option in
           /etc/shorewall/shorewall.conf[3].

        4. The packet matches a rule in shorewall-rules(5)[1]. By including a
           syslog level (see below) in the ACTION column of a rule (e.g.,
           “ACCEPT:info net $FW tcp 22”), the connection attempt will be
           logged at that level.

        5. The packet doesn't match a rule so it is handled by a policy
           defined in shorewall-policy(5)[5]. These may be logged by
           specifying a syslog level in the LOG LEVEL column of the policy's
           entry (e.g., “loc net ACCEPT info”).
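
       The following script is an added example, not part of Shorewall or of
       this manual page. It reads rules-file text, reports every rule whose
       ACTION column carries a log level (a syslog name or number, NFLOG(...)
       or ULOG(...)), and flags logging in the ESTABLISHED section. The
       ?SECTION header syntax, the default NEW section, the NFLOG parameters
       and the sample rules are assumptions made for the example.

```python
import re

LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,   # standard syslog names
          "warning": 4, "notice": 5, "info": 6, "debug": 7}

def parse_level(level):
    """Classify the part after ':' in action:level; raise ValueError if unknown."""
    m = re.fullmatch(r"(NFLOG|ULOG)\((.*)\)", level)
    if m:                                    # NFLOG(params) / ULOG(params)
        return m.group(1), m.group(2)
    if level.isdigit() and int(level) in LEVELS.values():
        return "syslog", int(level)
    if level.lower() in LEVELS:
        return "syslog", LEVELS[level.lower()]
    raise ValueError(f"unknown log level: {level}")

def audit_rules(text):
    """Return (lineno, section, action, backend, detail, note) per logging rule."""
    section, findings = "NEW", []            # assumption: rules before any header are NEW
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue                         # blank or comment-only line
        if fields[0] in ("?SECTION", "SECTION"):   # assumed section-header syntax
            section = fields[1].upper()
            continue
        action, _, level = fields[0].partition(":")
        if not level:
            continue                         # rule does not log
        try:
            (backend, detail), note = parse_level(level), ""
        except ValueError as exc:
            backend, detail, note = "invalid", level, str(exc)
        if section == "ESTABLISHED" and not note:
            note = "logging in ESTABLISHED is not recommended (log volume)"
        findings.append((n, section, action, backend, detail, note))
    return findings

# Constructed sample rules file; only the "ACCEPT:info" rule comes from the page.
SAMPLE = """\
?SECTION ESTABLISHED
LOG:info          net  $FW  tcp  22
?SECTION RELATED
LOG:NFLOG(1,0,1)  net  $FW
?SECTION NEW
ACCEPT:info       net  $FW  tcp  22
ACCEPT            loc  net  tcp  80
DROP:verbose      net  $FW  udp  53
"""
print(*audit_rules(SAMPLE), sep="\n")
```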

DEFAULT LOGGING

       By default, Shorewall directs Netfilter to log using syslog(8). Syslog
       classifies log messages by a facility and a priority (using the
       notation facility.priority).

       The facilities defined by syslog are auth, authpriv, cron, daemon,
       kern, lpr, mail, mark, news, syslog, user, uucp and local0 through
       local7.

       Throughout the Shorewall documentation, the term level rather than
       priority is used, since level is the term used by Netfilter. The syslog
       documentation uses the term priority.

SYSLOG LEVELS

       Syslog levels are a method of describing to syslog(8) the importance
       of a message. A number of Shorewall parameters have a syslog level as
       their value.

       Valid levels are:
           7 - debug (Debug-level messages)
           6 - info (Informational)
           5 - notice (Normal but significant Condition)
           4 - warning (Warning Condition)
           3 - err (Error Condition)
           2 - crit (Critical Conditions)
           1 - ale