Friday, 29 March 2013

Linux: kernel.warning events not logged

The logfile of my firewall was > 1GB, so I archived it and echo'd ( echo > firewall.log ) a new one.
After the cleanup no messages were logged to the new firewall.log file, which was strange because nothing had changed in the configuration.

I changed the rsyslog.conf file to log kernel.warning to /var/log/firewall.log and created IPTABLES log filters with a --log-level 4 syntax to separate iptables logging from the /var/log/messages log. My IDS uses the firewall.log for detection, so it's important to solve this ASAP.

IPTABLES logging is visible in /var/log/messages. So it is still logged, but not in the correct one; it looks like the changes in the rsyslog configuration aren't applied.

The first thing to do, which was also the solution, was to restart the rsyslog daemon (it's a RedHat system; other distros use syslog):

service rsyslog restart

Easy and quick solution... Problem solved!
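
Because an IDS reads firewall.log, a silent feed like the one in this post is worth detecting automatically. The script below is an added example, not part of the original post: it takes the newest iptables LOG line in /var/log/messages and checks that the same line is present in firewall.log. The function names are hypothetical, and it assumes both files are written with the same rsyslog template.

```shell
#!/bin/sh
# Added example (not the author's script). Function names are hypothetical.
# Assumption: both files use the same rsyslog template, so one kernel
# message appears as an identical line in each file.

# Newest iptables LOG line in a file. The LOG target always writes IN=, OUT=,
# SRC= and DST= fields, which is what the pattern keys on.
last_netfilter_line() {
    grep -E 'kernel:.* IN=[^ ]* OUT=[^ ]* .*SRC=[^ ]+ DST=[^ ]+' "$1" 2>/dev/null | tail -n 1
}

# 0: newest firewall event is also in the firewall log (feed healthy)
# 1: it is missing there (the situation in this post)
# 2: no iptables LOG line found to compare
check_firewall_feed() {
    newest=$(last_netfilter_line "$1")
    [ -n "$newest" ] || return 2
    [ -f "$2" ] && grep -qxF -- "$newest" "$2" && return 0
    return 1
}

# Constructed sample data: one LOG line in messages, an empty firewall.log.
demo() {
    dir=$(mktemp -d) || return 3
    printf '%s\n' \
        'Mar 29 10:14:59 fw sshd[812]: Server listening on 0.0.0.0 port 22.' \
        'Mar 29 10:15:02 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40000 DPT=23' \
        > "$dir/messages"
    : > "$dir/firewall.log"
    rc=0
    check_firewall_feed "$dir/messages" "$dir/firewall.log" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Real use, e.g. from cron: sh check_feed.sh /var/log/messages /var/log/firewall.log
if [ "$#" -eq 2 ]; then
    rc=0
    check_firewall_feed "$1" "$2" || rc=$?
    [ "$rc" -eq 0 ] || echo "firewall log feed check returned $rc" >&2
fi
```

A return code of 1 right after rotating or recreating the log file is the cue to restart rsyslog as described above.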
