Why can't I see any Shorewall messages in /var/log/messages?
Some people who ask this question report that the only Shorewall messages that they see in /var/log/messages are ‘started’, ‘restarted’ and ‘stopped’ messages. Answer:
First of all, it is important to understand that Shorewall itself does not control where Netfilter log messages are written. The LOGFILE setting in shorewall.conf simply tells the /sbin/shorewall[-lite] program where to look for the log. Also, it is important to understand that a log level of “debug” will generally cause Netfilter messages to be written to fewer files in /var/log than a log level of “info”. The log level does not control the number of log messages or the content of the messages. The actual log file where Netfilter messages are written is not standardized and will vary by distribution and distribution version. But anytime you see no logging, it’s time to look outside the Shorewall configuration for the cause. As an example, recent SUSE™ releases use syslog-ng by default and write Shorewall messages to /var/log/firewall. Please see the Shorewall logging documentation for further information.
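As an added check (written for this entry, not part of the Shorewall project or its documentation), the POSIX shell functions below read the LOGFILE setting from a shorewall.conf and scan a log directory for the files that actually contain Netfilter log lines, so the two can be compared when the only thing in /var/log/messages is ‘started’ and ‘stopped’. The directory paths, the `build_sample_logs` helper and its sample log lines are constructed for the demonstration.

```shell
# Added example, not from the Shorewall project: compare where shorewall.conf
# says the log is (LOGFILE) with where Netfilter lines actually land.
# Paths are parameters; build_sample_logs creates constructed sample data.

# Netfilter rule-log lines always carry IN=, OUT= and PROTO= fields; the
# Shorewall prefix (e.g. "Shorewall:net2fw:DROP:") precedes them.
NF_PATTERN='IN=.* OUT=.* PROTO='

# Print the last LOGFILE= value from the shorewall.conf given as $1, or "unset".
shorewall_logfile() {
    val=$(sed -n 's/^[[:space:]]*LOGFILE=//p' "$1" | tail -n 1 | tr -d '"')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf 'unset\n'; fi
}

# Print "<count> <file>" for each regular file in directory $1 that holds
# Netfilter lines. A file with only "Shorewall started"-style messages, the
# symptom described in the question, is skipped.
find_netfilter_logs() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        n=$(grep -c -E "$NF_PATTERN" "$f" || true)
        [ "$n" -gt 0 ] && printf '%s %s\n' "$n" "$f"
    done
    return 0
}

# Constructed sample data: a system whose syslog daemon routes kernel messages
# to a "firewall" file while shorewall.conf still points at /var/log/messages.
build_sample_logs() {
    d=$(mktemp -d)
    printf 'LOGFILE=/var/log/messages\n' > "$d/shorewall.conf"
    printf 'Shorewall: Starting Shorewall\nShorewall: started\n' > "$d/messages"
    cat > "$d/firewall" <<'EOF'
kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=40000 DPT=53 LEN=20
syslog-ng[1234]: syslog-ng starting up
EOF
    printf '%s\n' "$d"
}

# Stand-alone run: show the mismatch between LOGFILE and the real log file.
d=$(build_sample_logs)
echo "shorewall.conf LOGFILE: $(shorewall_logfile "$d/shorewall.conf")"
echo "files under $d holding Netfilter lines:"
find_netfilter_logs "$d"
rm -rf "$d"
```

On a real system, point `find_netfilter_logs` at /var/log and, if the file it reports differs from LOGFILE, either update LOGFILE or adjust the syslog daemon's kern facility routing.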