I am running an Ubuntu Server 14.04 system with a shorewall firewall. Shorewall is essentially a front end to iptables, and it is iptables that does the logging via Netfilter (my understanding so far).
My problem is that I can't make sense of the shorewall docs regarding logging to a different destination. This is how far I've come:
- I installed and started
ulogd
- I defined a variable in
/etc/shorewall/params
:LOG=NFLOG
- I changed all occurrences of
info
to$LOG
in/etc/shorewall/shorewall.conf
- I set the log destination in
/etc/shorewall/shorewall.conf
:LOGFILE=/var/log/shorewall
This supposedly accomplishes the following: Netfilter logs to the NFLOG
(successor to ULOG
) destination, which means Netfilter log messages are handled by ulogd2
.
What I don't know, is how I can tell ulogd2
to write all shorewall messages to my desired log file /var/log/shorewall
.
The documentation is rather unclear on this, as this forum thread testifies.
This blog post I found is equally vague, regarding ulogd2
's log redirection.
In summary:
- Is my approach for redirecting shorewall log messages to
ulogd2
correct at all? - How can I configure
ulogd2
to redirect shorewall's messages to/var/log/shorewall
?
PS: I am not asking this question on AskUbuntu, because this is equally relevant for other Linux distributions.