  1. Untangle NGFW
  2. NGFW-11918

untangle rsyslog configurations are wrong

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Want
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 14.0.0
    • Component/s: Intrusion Prevention
    • Labels:
      None
    • Story Points:
      2

      Description

      Snort output is going to both syslog and snort.log instead of just snort.log.  The log file looks very strange:

      # provides UDP syslog reception
      $ModLoad imudp
      $UDPServerRun 514
      $FileCreateMode 0644$outchannel oc_snort.log,/var/log/snort.log,524288000,/usr/share/untangle-system-config/syslog-maxsize-rotate.sh /var/log/snort.log
      :syslogtag, startswith, "snort" :omfile:$oc_snort.log
      $outchannel stop,stop,524288000,/usr/share/untangle-system-config/syslog-maxsize-rotate.sh stop
      & :omfile:$stop

      It does not look like the file in untangle-snort-config (git) and packaged, which is correct:

      # provides UDP syslog reception
      $ModLoad imudp
      $UDPServerRun 514
      $FileCreateMode 0644$outchannel oc_snort.log,/var/log/snort.log,524288000,/usr/share/untangle-system-config/syslog-maxsize-rotate.sh /var/log/snort.log
      :syslogtag, startswith, "snort" :omfile:$oc_snort.log
      & stop

      The duplication and modification of the $outchannel line and the final line suggest to me that something is modifying the file after install, but I don't see where we're doing that in either uvm or ips.

      Also, we need a pre-req on untangle-snort-config on snort so we can properly override the logrotate script.

      Update: This is affecting the uvm logs as well. 
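
A lint for the two symptoms visible in the modified file quoted above, as an added example (not Untangle's code): an `$outchannel` named after the `stop` statement, and a filter rule whose `&` chain never discards, so matching messages fall through to later rules. The `lint` function and the finding labels are hypothetical; the sample text is copied from the description.

```python
import re

# First five lines are shared by both files quoted in the description (copied verbatim).
HEAD = """\
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
$FileCreateMode 0644$outchannel oc_snort.log,/var/log/snort.log,524288000,/usr/share/untangle-system-config/syslog-maxsize-rotate.sh /var/log/snort.log
:syslogtag, startswith, "snort" :omfile:$oc_snort.log
"""
PACKAGED = HEAD + "& stop\n"
DEPLOYED = HEAD + (
    "$outchannel stop,stop,524288000,"
    "/usr/share/untangle-system-config/syslog-maxsize-rotate.sh stop\n"
    "& :omfile:$stop\n"
)

OUTCHANNEL = re.compile(r"\$outchannel\s+([^,\s]+),([^,]+),")
DISCARD = {"stop", "~"}  # `& stop` (or legacy `& ~`) ends processing of the message


def lint(conf):
    """Return sorted (line_number, finding) pairs for a legacy-format rsyslog file."""
    findings, rules = [], []  # rules: [line number of filter, chain discards?]
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OUTCHANNEL.search(line)  # search, not match: the directive may be fused
        if m:
            name, path = m.group(1), m.group(2).strip()
            if name in DISCARD or not path.startswith("/"):
                findings.append((no, "suspect-outchannel"))
        elif line.startswith(":"):  # property-based filter opens a new rule
            rules.append([no, False])
        elif line.startswith("&") and rules:  # extra action chained to that rule
            if line[1:].strip() in DISCARD:
                rules[-1][1] = True
    findings += [(no, "no-discard") for no, ok in rules if not ok]
    return sorted(findings)


if __name__ == "__main__":
    for label, conf in (("packaged", PACKAGED), ("deployed", DEPLOYED)):
        print(label, lint(conf) or "clean")
```
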

            People

            • Assignee:
              cblaise Chris Blaise
              Reporter:
              cblaise Chris Blaise