From c4f21ffefb3a0401ecc4434104d6f086f40664dd Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 15 Feb 2017 13:11:52 -0800 Subject: [PATCH] Additional documentation changes. Signed-off-by: Tom Eastep --- docs/Actions.xml | 3 +++ docs/shorewall_logging.xml | 15 ++++++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/docs/Actions.xml b/docs/Actions.xml index 3e26f09a6..b08d4f3a2 100644 --- a/docs/Actions.xml +++ b/docs/Actions.xml @@ -371,6 +371,9 @@ ACCEPT - - tcp 135,139,445 QUEUE_DEFAULT=none REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" + + Note that in both cases, logging occurs based on the setting of + LOG_LEVEL in shorewall[6].conf.
diff --git a/docs/shorewall_logging.xml b/docs/shorewall_logging.xml index 643c6c080..8cf938f43 100644 --- a/docs/shorewall_logging.xml +++ b/docs/shorewall_logging.xml @@ -266,7 +266,16 @@ You will need to change all instances of log levels (usually info) in your Shorewall configuration files to NFLOG - this includes entries in the policy, rules and - shorewall.conf files. Here's what I had at one time: + shorewall.conf files. If you initially installed using Shorewall 5.1.2 + or later, you can simply change the setting of LOG_LEVEL in + shorewall.conf. + + Otherwise, you must search for all instances of log levels in your + configuration and change them accordingly. If you currently run + Shorewall 5.1.2 or later, then change them to $LOG_LEVEL and set + LOG_LEVEL accordingly. If you are running an earlier release, using a + shell variable simplifies future changes. Here's what I had at one + time: gateway:/etc/shorewall# grep -v ^\# * | egrep '\$LOG|ULOG|LOGFILE' params:LOG=NFOG @@ -571,9 +580,9 @@ if $msg contains 'Shorewall' then { if ($syslogfacility == 0 and $syslogseverity >= 6) then stop # info } - I log at 'notice' log level if I want the message in + I log at 'notice' log level if I want the message in /var/log/messages and everything goes to /var/log/shorewall.log. Don't forget to add - /var/log/shorewall.log to logrotate. + /var/log/shorewall.log to logrotate.
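Review bot: In the docs/Actions.xml hunk (@@ -371,6 +371,9), the added sentence says "in both cases" without naming the cases. A reader has to infer that it means the two examples just above, the second of which ends with the QUEUE_DEFAULT=none and REJECT_DEFAULT=... lines. Suggest naming the two configurations in the sentence itself. Since the note makes logging depend on LOG_LEVEL in shorewall[6].conf, it should also say what is logged when that option is left empty.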
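Review bot: In the first docs/shorewall_logging.xml hunk (@@ -266,7 +266,16), the new paragraph tells readers to use $LOG_LEVEL, but the sample output it leads into ("Here's what I had at one time:") still shows the older params-file variable, and its first context line reads "params:LOG=NFOG". That looks like a typo for the NFLOG named at the top of the paragraph and is worth correcting in this same change, because anyone copying it would set an invalid log level. The sentence "using a shell variable simplifies future changes" should also say where the variable is defined (the params file, as the example shows). Either add a $LOG_LEVEL version of the example or state that the output predates 5.1.2.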
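Review bot: In the second docs/shorewall_logging.xml hunk (@@ -571,9 +580,9), the removed and added lines carry the same text as shown here ("I log at 'notice' log level if I want the message in" and "/var/log/shorewall.log to logrotate."), so the change appears to be whitespace or markup only. Either say so in the commit message, which currently reads only "Additional documentation changes", or move it to a separate cleanup commit so the diff stays reviewable. Since these lines are being touched anyway, the closing reminder to add /var/log/shorewall.log to logrotate could include or point to a sample logrotate entry. The filter above it routes everything to that file, and the page gives no guidance on rotating it.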