"monitor firewall name <name>" does not monitor any firewall-log-entry
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	mdsmds
	May 4 2016, 11:42 AM

Description

monitor firewall name <name>

does not monitor any firewall-log-entry.
If we look at /var/log/messages we can confirm that new firewall log entries are just arriving....
If we use

monitor log

we can read live monitor and all is OK (except that this is an all-log monitor).

But instead, I repeat, if we use

monitor firewall name <name>

nothing happens.

Details

Difficulty level: Easy (less than an hour)

Event Timeline

mdsmds created this task.May 4 2016, 11:42 AM

@EwaldvanGeffen please check this out.
Thanks!

On which version was this experienced? Cannot reproduce on 1.1.6, 1.1.7 and 1.2. Could you provide the output of sudo iptables-save? Or sudo iptables -t filter -L -nv (includes packet counters and should show you why your traffic is not hitting your log-rule).

One possible point of possible confusion I found is that ingressing local-destined traffic is not contained in 'interface <> firewall in' but 'interface <> firewall local' (as expected, if you know it exists).

On 1.2 I do receive https://debbugs.gnu.org/db/11/11823.html but I'm assuming we should kick core-utils version forward to resolve.

1.2.0-beta1

@Ewaldvan, I've sent a screencast-link in email...

@mdsmds looks good. I can work with this :) patch

Merged, closing.

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc2); removed VyOS 1.1.x (1.1.8).Oct 13 2018, 8:52 AM

syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc2) board.

syncer added a project: VyOS-1.2.0-GA.Oct 15 2018, 10:48 PM

"monitor firewall name <name>" does not monitor any firewall-log-entryClosed, ResolvedPublicActions

Description

Details

Event Timeline

"monitor firewall name <name>" does not monitor any firewall-log-entry
Closed, ResolvedPublic
Actions