Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 21 December 2024, 10:17:11 pm

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  No firewall log EFW 2.4-community
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] 2 Go Down Print
Author Topic: No firewall log EFW 2.4-community  (Read 68607 times)
strangetpwn
Jr. Member
*
Offline Offline

Posts: 4


« on: Saturday 29 May 2010, 01:16:04 am »

It appears that firewall logging is not working on my fresh efw 2.4 community install.

No "hits" are being logged to file - the Live Log page is blank and the Firewall log viewer page displays the message "No (or only partial) logs exist for the given day: /var/log/firewall could not be opened" - Logging into the console confirms that no such /var/log/firewall file exists.

I tried to create a file using "touch firewall", but I'm not sure if this would be effective or if I set the permissions right, but the message did disappear.

I've tried to create situations that should create hits for the log file such a selecting "log accepted packets" and denying traffic from green>red on port 80, and the firewall itself is working, but without logging.
Logged
ad.aimm
Full Member
***
Offline Offline

Posts: 36


« Reply #1 on: Saturday 29 May 2010, 02:16:17 am »

hi,

i agree with you but i don't know how to fix it.

regards.

ad
Logged
wavrunrx2
Full Member
***
Offline Offline

Posts: 12


« Reply #2 on: Sunday 30 May 2010, 06:03:52 am »

same here, the firewall log is not logging anything.
(ive enabled the 'Log refused packets' tick) on the logs--->settings page.

endian-christain, any idea how to fix this ?
Logged
necromanx
Jr. Member
*
Offline Offline

Posts: 4


« Reply #3 on: Monday 31 May 2010, 05:26:29 pm »

I am having the same problem.
Logged
ofernandez
Jr. Member
*
Offline Offline

Posts: 1


« Reply #4 on: Monday 31 May 2010, 07:38:59 pm »

I'm the same problem.
Logged
actaris
Full Member
***
Offline Offline

Gender: Male
Posts: 12



WWW
« Reply #5 on: Monday 31 May 2010, 08:05:30 pm »

yes, me too:
upgrade from a 2.3 box
Logged

System Administrator, Intergraph PDS Administrator,

Endian 2.4 on Intel D510M0, 2 GB RAM, CF 16 GB on Sata Adapter
Maestrale
Full Member
***
Offline Offline

Posts: 11


« Reply #6 on: Monday 31 May 2010, 09:12:56 pm »

Me too from  2.3 to 2.4
Logged
schraads
Jr. Member
*
Offline Offline

Posts: 4


« Reply #7 on: Tuesday 01 June 2010, 05:41:08 am »

I did a fresh install of 2.4.0 Community and I am seeing the same problem.

Over at Endian bug tracker, they are seeing that ULOG refuses to start.

When checking the firewall logs, neither the live logs nor the firewall logs display any information. The /var/log/firewall is present but shows 0 bytes.

After checking the initial configuration, this seems to be a problem with ulog. It refuses to start. I tried to start it manually and the syslog file shows the following error message:

Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `NFLOG'
Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `ULOG'
Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `NFCT'
Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `IFINDEX'
Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `SYSLOG'
Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `BASE'
Mon May 31 16:48:06 2010 <5> ulogd.c:372 registering plugin `PRINTPKT'
Mon May 31 16:48:06 2010 <7> ulogd.c:721 cannot find key `ip.saddr.str' in stack
Mon May 31 16:48:06 2010 <7> ulogd.c:721 cannot find key `ip.saddr.str' in stack
Mon May 31 16:48:06 2010 <8> ulogd.c:1173 not even a single working plugin stack
Logged
wavrunrx2
Full Member
***
Offline Offline

Posts: 12


« Reply #8 on: Tuesday 01 June 2010, 08:13:21 am »

this is a major issue in my mind; i need to see attempts at my network.
we need a fix fast.
Logged
endian-christian
Full Member
***
Offline Offline

Posts: 33


« Reply #9 on: Tuesday 01 June 2010, 06:54:55 pm »

Hello,

Thank you very much - we found the issue and created a new package.
You can try and download it here: http://public.endian.com/christian/ulogd-2.0.0-0.endian8.i586.rpm.

Regards,
Christian
Logged
ad.aimm
Full Member
***
Offline Offline

Posts: 36


« Reply #10 on: Tuesday 01 June 2010, 09:22:34 pm »

hi,

new rpm is in conflict with the old one : ulog-2.0.0-0.endian7.i586

even with --replacepkgs , i can't install it.

any idea ?

regards,

ad.
Logged
strangetpwn
Jr. Member
*
Offline Offline

Posts: 4


« Reply #11 on: Tuesday 01 June 2010, 10:54:24 pm »

hi,

new rpm is in conflict with the old one : ulog-2.0.0-0.endian7.i586

even with --replacepkgs , i can't install it.

any idea ?

regards,

ad.

Try

rpm -i --force

Don't forget to reboot
Logged
endian-christian
Full Member
***
Offline Offline

Posts: 33


« Reply #12 on: Wednesday 02 June 2010, 12:35:14 am »

hi,

new rpm is in conflict with the old one : ulog-2.0.0-0.endian7.i586

even with --replacepkgs , i can't install it.

any idea ?

regards,

ad.

Try using smart

Code:
smart install ulogd-2.0.0-0.endian8.i586.rpm
Logged
ad.aimm
Full Member
***
Offline Offline

Posts: 36


« Reply #13 on: Wednesday 02 June 2010, 03:07:50 am »

works with --force and firewall logs work too after this update

thx u

ad.
Logged
actaris
Full Member
***
Offline Offline

Gender: Male
Posts: 12



WWW
« Reply #14 on: Wednesday 02 June 2010, 05:09:47 am »

Tnx Christian,
I downloaded the rpm, transferred with WinSCP and installed with
Code:
smart install ulogd-2.0.0-0.endian8.i586.rpm
and the firewall's log now works without reboot!
Logged

System Administrator, Intergraph PDS Administrator,

Endian 2.4 on Intel D510M0, 2 GB RAM, CF 16 GB on Sata Adapter
Pages: [1] 2 Go Up Print 
« previous next »
Jump to:  

Page created in 0.172 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com