pve-firewall no logs even on level debug

tim taler

Member
Mar 8, 2018
19
0
6
25
Hi,
what's wrong with firewall logging?

the pve firewall in my cluster seems to work fine except it shows no logs?

I set
"/etc/pve/nodes/<nodenmae>/host.fw"

to:
---snipp---
[OPTIONS]

tcpflags: 1
smurf_log_level: info
tcp_flags_log_level: info
log_level_in: debug
log_level_out: debug
---snapp---

but if I try to access the server through a banned device there are no log entries in
/var/log/pve-firewall.log
just:

---snipp---
...
0 5 - 07/Feb/2019:11:56:33 +0100 starting pvefw logger
0 5 - 07/Feb/2019:11:56:37 +0100 received terminate request (signal)
0 5 - 07/Feb/2019:11:56:37 +0100 stopping pvefw logger
0 5 - 07/Feb/2019:11:56:38 +0100 starting pvefw logger
0 5 - 07/Feb/2019:12:08:39 +0100 received terminate request (signal)
0 5 - 07/Feb/2019:12:08:39 +0100 stopping pvefw logger
0 5 - 07/Feb/2019:12:11:04 +0100 starting pvefw logger
0 5 - 07/Feb/2019:12:11:09 +0100 received terminate request (signal)
0 5 - 07/Feb/2019:12:11:09 +0100 stopping pvefw logger
0 5 - 07/Feb/2019:12:11:09 +0100 starting pvefw logger
...
---snapp---

does there have to be some logging rules in
/etc/pve/firewall/cluster.fw?
(becuase there I didn't mention logging anywhere)
TIA
 
Thanks for confirming, @spirit !

Has this been enhanced recently? If no, will it ever be?

Should we resort to manual iptables rules ? If so, can you please give an example? I'm not sure in which table to add, given all the proxmox-added ones.

Many thanks,
Ciprian
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!