[wellylug] messages file - was: traffic accounting]

Cliff Pratt enkidu at cliffp.com
Sun Jan 7 18:01:49 NZDT 2007 

William Hamilton wrote:
> Cliff Pratt wrote:
>> William Hamilton wrote:
>>>
>>> William Hamilton wrote:
>>>> Hi all looking for some comments as to what traffic accounting 
>>>> software people are using.  I have a client with multiple machines 
>>>> internally with a shorewall firewall.  They would like to start 
>>>> accounting for traffic volumes, volume and type of data.
>>>>
>>>> Any suggestions.  I can use accounting in shorewall but is there 
>>>> anything better and easier to report on?
>>>>
>>>  >Adding to my own email..  they are looking to track usage down to each
>>>  >internal machine.
>>>
>>> Once again adding to my email BUT a new one almost.  Having setup 
>>> accounting within shorewall I found that /var/log/messages is being 
>>> created as a directory NOT as a file (this making logging difficult).
>>>
>>> Any ideas as to why this is happening and how to fix?  The setup is 
>>> fairly new, not far of base Debian stable build (addition of a 
>>> firewall packages etc).
>>>
>> Strange! I have a standard Debian setup with Shorewall and I don't see 
>> that. What is in the /var/log/messages directory?
> 
> Empty..  been taking a better look at it and it is looking much darker. 
>  Unable to add users as shadow cannot be read and a number of things. I 
> am taking a blat through it now to see what else I can find.  At first 
> glance everything looks fine but will compare to another machine and see 
> what I come up with.
> 
> sysklogd being used for logging, pretty much just shorewall and squid 
> installed (that I can see so far).  I will prob look at adding snort 
> incase they have had a dodgy happening.
>
I suggest you check the syslog conf. At least part of mine says:

*.=info;*.=notice;*.=warn;\
         auth,authpriv.none;\
         cron,daemon.none;\
         mail,news.none          -/var/log/messages

A trailing '/' in the name might confuse it, for example. I don't know 
for sure.

 >
> The client is back on board tomorrow so would be nice to tell them I 
> fixed a few other things when I was doing the accounting stuff :)
> 
> BTW Cliff your package from your website was not able to be found.
> 
OK< I can probably find it if you wish, but much of the guts is in the 
article.

Cheers,

Cliff

More information about the wellylug mailing list