diff --git a/Shorewall-docs/shorewall_logging.xml b/Shorewall-docs/shorewall_logging.xml index 667fbae32..9f0687241 100644 --- a/Shorewall-docs/shorewall_logging.xml +++ b/Shorewall-docs/shorewall_logging.xml @@ -2,6 +2,8 @@
+ + Shorewall Logging @@ -26,8 +28,8 @@ document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover - Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". + Texts. A copy of the license is included in the section entitled + GNU Free Documentation License. @@ -63,16 +65,16 @@ The packet matches a rule in /etc/shorewall/rules. By including a syslog level (see below) in the ACTION column of a rule - (e.g., "ACCEPT:info net fw tcp - 22"), the connection attempt will be logged at that level. + (e.g., ACCEPT:info net fw tcp + 22), the connection attempt will be logged at that level. The packet doesn't match a rule so it is handled by a policy defined in /etc/shorewall/policy. These may be logged by specifying a syslog level in the LOG LEVEL - column of the policy's entry (e.g., "loc net ACCEPT info"). + column of the policy's entry (e.g., loc net ACCEPT + info). @@ -91,7 +93,7 @@ Throughout the Shorewall documentation, I will use the term level rather than priority since level is the term used by NetFilter. The syslog - documentation uses the term priority. + documentation uses the term priority.
Syslog Levels @@ -165,8 +167,8 @@ target support (and most vendor-supplied kernels do), you may also specify a log level of ULOG (must be all caps). When ULOG is used, Shorewall will direct netfilter to log the related messages via the ULOG - target which will send them to a process called 'ulogd'. The - ulogd program is available from ulogd. + The ulogd program is available from http://www.gnumonks.org/projects/ulogd and can be configured to log all Shorewall message to their own log file. @@ -241,15 +243,15 @@ I also copied the file /usr/local/src/ulogd-version/ulogd.init - to /etc/init.d/ulogd. I had to edit the line that read "daemon - /usr/local/sbin/ulogd" to read daemon /usr/local/sbin/ulogd -d". - On a RedHat system, a simple "chkconfig --level 3 ulogd on" - starts ulogd during boot up. Your init system may need something else - done to activate the script. + to /etc/init.d/ulogd. I had to edit the line that read daemon + /usr/local/sbin/ulogd to read daemon + /usr/local/sbin/ulogd -d. On a RedHat system, a simple + chkconfig --level 3 ulogd on starts ulogd during boot up. + Your init system may need something else done to activate the script. You will need to change all instances of log levels (usually - 'info') in your configuration files to 'ULOG' - this - includes entries in the policy, rules and shorewall.conf files. + info) in your configuration files to ULOG + - this includes entries in the policy, rules and shorewall.conf files. Here's what I have: [root@gateway shorewall]# grep ULOG * @@ -263,8 +265,8 @@ Finally edit /etc/shorewall/shorewall.conf and set LOGFILE=<file that you wish to log to>. This tells the /sbin/shorewall - program where to look for the log when processing its "show - log", "logwatch" and "monitor" commands. + program where to look for the log when processing its show log, + logwatch and monitor commands.
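Review bot: In the @@ -63,16 +65,16 @@ hunk of shorewall_logging.xml, both rewritten examples are now split across a line break: "ACCEPT:info net fw tcp" ends one added line with "22" starting the next, and "loc net ACCEPT" is separated from "info" the same way. If these examples are wrapped in inline literal markup, the newline and the indentation become part of the example text, and a reader copying the rule into /etc/shorewall/rules or /etc/shorewall/policy gets a broken entry. Keep each example on a single line, even if that exceeds the wrap column.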
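Review bot: In the @@ -165,8 +167,8 @@ hunk, the removed lines carry the clause "target which will send them to a process called 'ulogd'", but the added text shown here starts directly at "The ulogd program is available from". Read against the preceding context line, that gives "log the related messages via the ULOG The ulogd program ...", which loses the explanation of what the ULOG target does. Please confirm the clause survives on the + side. While this paragraph is being edited, the context line "log all Shorewall message to their own log file" should read "messages".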
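Review bot: In the @@ -241,15 +243,15 @@ hunk, the re-wrapped sentence now has a source line that begins with "- this includes entries in the policy, rules and shorewall.conf files", so the added line reads "+ - this includes ..." and is easy to misread as a removal when the patch is reviewed. Rewording it as "info) in your configuration files to ULOG; this includes entries in ..." avoids the leading hyphen. The change from the old text, which had an unbalanced quote after "daemon /usr/local/sbin/ulogd -d", is an improvement, but the command strings are now delimited by markup alone, so check the rendered output still makes clear where "daemon /usr/local/sbin/ulogd -d" and "chkconfig --level 3 ulogd on" begin and end.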
diff --git a/Shorewall-docs/shorewall_prerequisites.xml b/Shorewall-docs/shorewall_prerequisites.xml index 07d7a9fce..1966ee82c 100755 --- a/Shorewall-docs/shorewall_prerequisites.xml +++ b/Shorewall-docs/shorewall_prerequisites.xml @@ -2,6 +2,8 @@
+ + Shorewall Requirements @@ -24,8 +26,8 @@ document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover - Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". + Texts. A copy of the license is included in the section entitled + GNU Free Documentation License. @@ -44,18 +46,21 @@ iptables 1.2 or later but beware version 1.2.3 -- see the Errata. WARNING: - The buggy iptables version 1.2.3 is included in RedHat 7.2 and you - should upgrade to iptables 1.2.4 prior to installing Shorewall. - Version 1.2.4 is available from - RedHat and in the Shorewall Errata. + url="errata.htm">Errata. + + + The buggy iptables version 1.2.3 is included in RedHat 7.2 and + you should upgrade to iptables 1.2.4 prior to installing Shorewall. + Version 1.2.4 is available from + RedHat and in the Shorewall Errata. + - Iproute ("ip" utility). The iproute package is included - with most distributions but may not be installed by default. The - official download site is Iproute (ip utility). The iproute package is + included with most distributions but may not be installed by default. + The official download site is ftp://ftp.inr.ac.ru/ip-routing.
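Review bot: In the @@ -44,18 +46,21 @@ hunk of shorewall_prerequisites.xml, the added link keeps url="errata.htm" even though the file being edited is an .xml source, so verify that the target still resolves in the generated output or point it at the converted errata document. The item also now refers to the Errata twice, once in "beware version 1.2.3 -- see the Errata" and again at the end of the new warning text ("and in the Shorewall Errata"). One of the two can go, preferably keeping the one inside the warning since that is where the upgrade to iptables 1.2.4 is stated.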