Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Where do I enable firewall logs and set its levels?

  1. #1

    Default Where do I enable firewall logs and set its levels?

    Couldn't find it in Yast-Firewall or did I miss it?
    I don't know if firewall logging is already enabled but my /var/log/firewall, firewalld are empty atm.
    I'd like to have it enabled and logging level at warning or something?

  2. #2

    Default Re: Where do I enable firewall logs and set its levels?

    OK I find the thread saying the log is in
    Code:
    sudo journalctl -u SuSEfirewall2
    Also I find the Yast-firewall-options-"change log denied". It's currently off. It means it doesn't log denied attempt? I'm changing it to all.
    openSUSE Leap 15.0

  3. #3
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,727

    Default Re: Where do I enable firewall logs and set its levels?

    First check if you are still running SuSEfirewall2 or firewalld.
    Henk van Velden

  4. #4
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,009
    Blog Entries
    1

    Default Re: Where do I enable firewall logs and set its levels?

    Check the current status with
    Code:
    sudo systemctl status firewalld
    Code:
    sudo systemctl status SuSEfirewall2
    Assuming firewalld is running, you can launch the GUI with
    Code:
    su -c firewall-config
    and under the options menu it is possible to change the 'Log Denied' value as desired.

    Log Denied Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones. Possible values are: all, unicast, broadcast, multicast and off.

    Code:
    LogDenied=off
    openSUSE Leap 15.0; KDE Plasma 5

  5. #5

    Default Re: Where do I enable firewall logs and set its levels?

    Quote Originally Posted by deano_ferrari View Post
    Check the current status with
    Code:
    sudo systemctl status firewalld
    active and loaded
    Code:
    sudo systemctl status SuSEfirewall2
    susefirewall service couldn't be found

    Assuming firewalld is running, you can launch the GUI with
    Code:
    su -c firewall-config
    and under the options menu it is possible to change the 'Log Denied' value as desired.
    I've changed it to log all. I suppose it's now logging all denied access in /var/log/firewalld?
    I don't know if that's the highest level of logging but my /var/log/firewalld is still empty.

    I googled a bit more and found there's this setting at /etc/sysconfig/firewalld, where one can set
    FIREWALLD_ARGS=--debug=10 (mine now is empty after "=")

    Should I touch this setting if I want more activities in log?
    openSUSE Leap 15.0

  6. #6
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,586
    Blog Entries
    14

    Default Re: Where do I enable firewall logs and set its levels?

    Did you restart the firewalld after changing the log option?
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  7. #7
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,410

    Default Re: Where do I enable firewall logs and set its levels?

    Given that “bonedriven” is using the Red Hat “firewalld”, within the Firewalld configuration there's a, IMHO, very confusing configuration parameter in ‘/etc/firewalld/firewalld.conf’:
    • LogDenied

    According to the man page:
    The default setting is off, which disables the logging.
    AFAICS, this means if, “LogDenied” is set to one of ‘all’, ‘unicast’, ‘broadcast’ or ‘multicast’ then, logging will occur for everything except, the defined logging level.
    I haven't tested this yet but, will check it possibly later today …

  8. #8
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,410

    Default Re: Where do I enable firewall logs and set its levels?

    Correction:
    Quote Originally Posted by dcurtisfra View Post
    AFAICS, this means if, “LogDenied” is set to one of ‘all’, ‘unicast’, ‘broadcast’ or ‘multicast’ then, logging will occur for everything except, the defined logging level.
    At a guess, “LogDenied” means «Log packets denied»: meaning, provided the interface isn't assigned to the zone “trusted” – ‘nothing is denied’ – the denied packets of type ‘unicast’, ‘broadcast’ or ‘multicast’ or ‘all’, will be logged …

  9. #9

    Default Re: Where do I enable firewall logs and set its levels?

    Quote Originally Posted by Knurpht View Post
    Did you restart the firewalld after changing the log option?
    Yeah I reboot the machine. I'm just surprised the firewalld log is always empty, after hours of running.
    openSUSE Leap 15.0

  10. #10
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,410

    Unhappy Re: Where do I enable firewall logs and set its levels?

    Quote Originally Posted by bonedriven View Post
    I'm just surprised the firewalld log is always empty, after hours of running.
    I agree. I've setup with Standard zone “block” – assigned to the interface “eth0” – logging “all” denied packets …
    • Rebooted.
    • In /var/log/firewalld – nothing …
    • In the systemd journal: yes – lots of traces like this: “kernel: IN_block_REJECT: IN=eth0 OUT= MAC= SRC=fe80:0000:0000:0000:16da:e9ff:feec:a04d DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=527 TC=0 HOPLIMIT=255 FLOWLBL=804001 PROTO=UDP SPT=5353 DPT=5353 LEN=487”

    Why the system is running, not nicely, but running – I have absolutely no idea …
    • At boot time, packets were being blocked before wicked enabled the interface …


    Reference URLs:
    Debug firewalld: <https://firewalld.org/documentation/...firewalld.html>.
    How to log drops and rejects by firewalld – as of 2014, you can't: <https://ask.fedoraproject.org/en/que...-by-firewalld/>.
    Logging Packet Drops in Firewalld: <https://bluehatrecord.wordpress.com/...-in-firewalld/>.

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •