From 76cb095f51f6b934d050d4d64bdb67e58ff96da5 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 14 Jun 2006 13:52:54 +0000 Subject: [PATCH] Revise description of LOGFORMAT -- Take 2 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4092 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-lite/shorewall.conf | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/Shorewall-lite/shorewall.conf b/Shorewall-lite/shorewall.conf index f7c8ffee3..ac27186ab 100644 --- a/Shorewall-lite/shorewall.conf +++ b/Shorewall-lite/shorewall.conf @@ -31,12 +31,12 @@ VERBOSITY=1 # # LOG FILE LOCATION # -# This variable tells the /sbin/shorewall program where to look for Shorewall -# log messages. If not set or set to an empty string (e.g., LOGFILE="") then +# This variable tells the /sbin/shorewall-lite program where to look for Shorewall +# Lite log messages. If not set or set to an empty string (e.g., LOGFILE="") then # /var/log/messages is assumed. # -# WARNING: The LOGFILE variable simply tells the 'shorewall' program where to -# look for Shorewall messages.It does NOT control the destination for +# WARNING: The LOGFILE variable simply tells the 'shorewall-lite' program where +# to look for Shorewall messages.It does NOT control the destination for # these messages. For information about how to do that, see # # http://www.shorewall.net/shorewall_logging.html @@ -47,20 +47,35 @@ LOGFILE=/var/log/messages # # LOG FORMAT # -# Should match the corresponding value in the shorewall.conf file used to -# compile the firewall +# Shell 'printf' Formatting template for the --log-prefix value in log messages +# generated by Shorewall Lite to identify Shorewall Lite log messages. The +# value specified here will be used when generating log messages provided that +# no value was supplied for LOGFORMAT in the shorewall.conf used to compile +# the firewall script. +# +# The supplied template is expected to accept either two or three arguments; +# the first is the chain name, the second (optional) is the logging rule number +# within that chain and the third is the ACTION specifying the disposition of +# the packet being logged. You must use the %d formatting type for the rule +# number; if your template does not contain %d then the rule number will not be +# included. # # If you want to integrate Shorewall with fireparse, then set LOGFORMAT as: # -# LOGFORMAT="fp=" +# LOGFORMAT="fp=%s:%d a=%s " # # If not specified or specified as empty (LOGFORMAT="") then the value -# "Shorewall:" is assumed. +# "Shorewall:%s:%s:" is assumed. # -# /sbin/shorewall-lite uses the leading part of the LOGFORMAT string +# CAUTION: /sbin/shorewall-lite uses the leading part of the LOGFORMAT string +# (up to but not including the first '%') to find log messages in the 'show log', +# 'status' and 'hits' commands. This part should not be omitted (the +# LOGFORMAT should not begin with "%") and the leading part should be +# sufficiently unique for /sbin/shorewall-lite to identify Shorewall Lite +# messages. # -LOGFORMAT="Shorewall:" +LOGFORMAT="Shorewall:%s:%s:" ############################################################################### # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S