Title: No firewall log EFW 2.4-community Post by: strangetpwn on Saturday 29 May 2010, 01:16:04 am It appears that firewall logging is not working on my fresh efw 2.4 community install.
No "hits" are being logged to file - the Live Log page is blank and the Firewall log viewer page displays the message "No (or only partial) logs exist for the given day: /var/log/firewall could not be opened" - Logging into the console confirms that no such /var/log/firewall file exists. I tried to create a file using "touch firewall", but I'm not sure if this would be effective or if I set the permissions right, but the message did disappear. I've tried to create situations that should create hits for the log file such a selecting "log accepted packets" and denying traffic from green>red on port 80, and the firewall itself is working, but without logging. Title: Re: No firewall log EFW 2.4-community Post by: ad.aimm on Saturday 29 May 2010, 02:16:17 am hi,
i agree with you but i don't know how to fix it. regards. ad Title: Re: No firewall log EFW 2.4-community Post by: wavrunrx2 on Sunday 30 May 2010, 06:03:52 am same here, the firewall log is not logging anything.
(ive enabled the 'Log refused packets' tick) on the logs--->settings page. endian-christain, any idea how to fix this ? Title: Re: No firewall log EFW 2.4-community Post by: necromanx on Monday 31 May 2010, 05:26:29 pm I am having the same problem.
Title: Re: No firewall log EFW 2.4-community Post by: ofernandez on Monday 31 May 2010, 07:38:59 pm I'm the same problem.
Title: Re: No firewall log EFW 2.4-community Post by: actaris on Monday 31 May 2010, 08:05:30 pm yes, me too:
upgrade from a 2.3 box Title: Re: No firewall log EFW 2.4-community Post by: Maestrale on Monday 31 May 2010, 09:12:56 pm Me too from 2.3 to 2.4
Title: Re: No firewall log EFW 2.4-community Post by: schraads on Tuesday 01 June 2010, 05:41:08 am I did a fresh install of 2.4.0 Community and I am seeing the same problem.
Over at Endian bug tracker, they are seeing that ULOG refuses to start. When checking the firewall logs, neither the live logs nor the firewall logs display any information. The /var/log/firewall is present but shows 0 bytes. After checking the initial configuration, this seems to be a problem with ulog. It refuses to start. I tried to start it manually and the syslog file shows the following error message: Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `NFLOG' Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `ULOG' Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `NFCT' Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `IFINDEX' Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `SYSLOG' Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `BASE' Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `PRINTPKT' Mon May 31 16:48:06 2010 <7> ulogd.c:721 cannot find key `ip.saddr.str' in stack Mon May 31 16:48:06 2010 <7> ulogd.c:721 cannot find key `ip.saddr.str' in stack Mon May 31 16:48:06 2010 <8> ulogd.c:1173 not even a single working plugin stack Title: Re: No firewall log EFW 2.4-community Post by: wavrunrx2 on Tuesday 01 June 2010, 08:13:21 am this is a major issue in my mind; i need to see attempts at my network.
we need a fix fast. Title: Re: No firewall log EFW 2.4-community Post by: endian-christian on Tuesday 01 June 2010, 06:54:55 pm Hello,
Thank you very much - we found the issue and created a new package. You can try and download it here: http://public.endian.com/christian/ulogd-2.0.0-0.endian8.i586.rpm (http://public.endian.com/christian/ulogd-2.0.0-0.endian8.i586.rpm). Regards, Christian Title: Re: No firewall log EFW 2.4-community Post by: ad.aimm on Tuesday 01 June 2010, 09:22:34 pm hi,
new rpm is in conflict with the old one : ulog-2.0.0-0.endian7.i586 even with --replacepkgs , i can't install it. any idea ? regards, ad. Title: Re: No firewall log EFW 2.4-community Post by: strangetpwn on Tuesday 01 June 2010, 10:54:24 pm hi, new rpm is in conflict with the old one : ulog-2.0.0-0.endian7.i586 even with --replacepkgs , i can't install it. any idea ? regards, ad. Try rpm -i --force Don't forget to reboot Title: Re: No firewall log EFW 2.4-community Post by: endian-christian on Wednesday 02 June 2010, 12:35:14 am hi, new rpm is in conflict with the old one : ulog-2.0.0-0.endian7.i586 even with --replacepkgs , i can't install it. any idea ? regards, ad. Try using smart Code: smart install ulogd-2.0.0-0.endian8.i586.rpm Title: Re: No firewall log EFW 2.4-community Post by: ad.aimm on Wednesday 02 June 2010, 03:07:50 am works with --force and firewall logs work too after this update
thx u ad. Title: Re: No firewall log EFW 2.4-community Post by: actaris on Wednesday 02 June 2010, 05:09:47 am Tnx Christian,
I downloaded the rpm, transferred with WinSCP and installed with Code: smart install ulogd-2.0.0-0.endian8.i586.rpm Title: Re: No firewall log EFW 2.4-community Post by: n++ on Wednesday 02 June 2010, 01:48:22 pm Thx again Christian.
For anyone else who comes across this post, the "smart" tool allows you to download the package before you install it, avoiding the use of scp as follows: Code: root@efw:~ # smart download --from-urls {some http url} Of course, you can also bypass the download step and install directly from the URL as follows: Code: root@efw:~ # smart install {some http url} cooooool... except, I had to omit the URL to the rpm Christian provided because I guess I am not allowed to post clickable links. You'll just need to replace {some http url} with the links he gave. Off topic, what is the convention for that sort of thing? Title: Re: No firewall log EFW 2.4-community Post by: schraads on Saturday 05 June 2010, 03:57:51 pm If you have registered on the Endian website under "Register EFW Community," you can SSH into your firewall and issue the "efw-upgrade" command. It will ask you for the email address you have registered on the site. Once I did that, it installed the updated package and fixed the firewall log issue.
Title: Re: No firewall log EFW 2.4-community Post by: kloana on Sunday 06 June 2010, 04:20:00 pm Hi,
i also had the same problem, so i did the upgrade via smart, and the logging is working again, but within the livelog there is no port associated to the log entry. Only source and destination ip. Do you also have the same issue?? Thanks in advance, regards Herbert Title: Re: No firewall log EFW 2.4-community Post by: MaxMouse on Tuesday 15 June 2010, 08:00:38 am Hi everyone,
It works for me using pscp (cause I dont have my linux here :'() and smart install. Thank you all! ;D Title: Re: No firewall log EFW 2.4-community Post by: pureobscure on Friday 18 June 2010, 05:02:33 am Edit: I got everything working :D
Title: Re: No firewall log EFW 2.4-community Post by: zreis on Saturday 07 August 2010, 12:39:49 am Does anyone have a working link for that package?
ulogd-2.0.0-0.endian8.i586.rpm Title: Re: No firewall log EFW 2.4-community Post by: zreis on Friday 13 August 2010, 04:51:49 am The the link to download the file is broken and smart / efw-upgrade do not work! :-[
Could someone upload the ulogd rpm please? ***Resolved by registering and running efw-upgrade -s. Title: Re: No firewall log EFW 2.4-community Post by: lorsungcu on Thursday 14 October 2010, 03:30:58 am I agree, the link is broken. I'd register and try doing it that way, but the registration link is also down. I really need this working, can someone point me to the correct package?
Title: Re: No firewall log EFW 2.4-community Post by: g13013 on Sunday 17 October 2010, 09:42:54 pm I can't download the file, link is dead!!
Title: Re: No firewall log EFW 2.4-community Post by: AIRW on Wednesday 24 November 2010, 10:36:39 pm *ttp://rapidshare.com/files/432817530/ulogd-2.0.0-0.endian8.i586.rpm
Title: Re: No firewall log EFW 2.4-community Post by: sindrom on Wednesday 24 November 2010, 11:45:22 pm thank you ;)
Title: Re: No firewall log EFW 2.4-community Post by: Ackrapong on Wednesday 22 December 2010, 04:14:07 pm Hi!
mine, add plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so" to /etc/ulogd.conf and reboot. Then everything work fine. Hope it could help. OHMM Title: Re: No firewall log EFW 2.4-community Post by: timeuz on Wednesday 22 December 2010, 10:39:37 pm at 2.4.1 this problem is solved...
try: efw-update -s |