[wellylug] messages file - was: traffic accounting]

William Hamilton william.hamilton at gmail.com
Sun Jan 7 17:16:02 NZDT 2007


Cliff Pratt wrote:
> William Hamilton wrote:
>>
>> William Hamilton wrote:
>>> Hi all, looking for some comments as to what traffic accounting 
>>> software people are using.  I have a client with multiple machines 
>>> internally with a shorewall firewall.  They would like to start 
>>> accounting for traffic volumes, volume and type of data.
>>>
>>> Any suggestions?  I can use accounting in shorewall but is there 
>>> anything better and easier to report on?
>>>
>>  >Adding to my own email..  they are looking to track usage down to each
>>  >internal machine.
>>
>> Once again adding to my email BUT a new one almost.  Having set up 
>> accounting within shorewall I found that /var/log/messages is being 
>> created as a directory NOT as a file (thus making logging difficult).
>>
>> Any ideas as to why this is happening and how to fix?  The setup is 
>> fairly new, not far off base Debian stable build (addition of 
>> firewall packages etc).
>>
> Strange! I have a standard Debian setup with Shorewall and I don't see 
> that. What is in the /var/log/messages directory?

Empty..  been taking a better look at it and it is looking much darker. 
Unable to add users as shadow cannot be read and a number of things. 
I am taking a blat through it now to see what else I can find.  At first 
glance everything looks fine but will compare to another machine and see 
what I come up with.

sysklogd being used for logging, pretty much just shorewall and squid 
installed (that I can see so far).  I will prob look at adding snort 
in case they have had a dodgy happening.

The client is back on board tomorrow so would be nice to tell them I 
fixed a few other things when I was doing the accounting stuff :)

BTW Cliff your package from your website was not able to be found.

W



