6 Replies Latest reply on Jun 27, 2007 6:30 AM by siglert

    How to enable firewall logging on ESX 3

    jhanekom Master

      After not having much luck debugging queries from a particular piece of management software on the VI3 console, I tried getting firewall logging enabled.


      This proved to be a tough exercise, so I thought I'd document it here in case someone else finds it useful.  I've marked the topic as a question and will award points to anyone more clued-up than I am that can point out a reasonable way of limiting the output of the logging mechanism to iptables messages only, and not all debug content.


      The first part to enabling firewall logging is to use the -v option of esxcfg-firewall.  Note, however, that this option does not work on its own and must be used in conjunction with one of the other operations, so run something to the effect of "esxcfg-firewall -v -l", which re-loads the existing configuration and enables logging.  (Making any changes to the firewall config after this removes the logging options.)


      The next step is to enable debug-logging in syslog to allow you to view the messages.  To do this, make a backup copy of /etc/syslog.conf, open /etc/syslog.conf in your favourite text editor and locate the following line:

      *.info;mail.none;authpriv.none;cron.none;local6.none;local5.none   /var/log/messages


      Change *.info to *.debug, so that the line reads as follows:

      *.debug;mail.none;authpriv.none;cron.none;local6.none;local5.none   /var/log/messages



      Now, restart the syslog daemon by running "service syslog restart".


      All debug-level messages (including the iptables firewall messages) will now be recorded in /var/log/messages.  Use "tail -f /var/log/messages" during debugging sessions to get a real-time view of what's being blocked.


      Warning: enabling this level of logging will cause the messages file to grow fairly rapidly.  Keep an eye on the free space on the /var volume and disable debug-logging once you've finished debugging.
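The procedure from the post above, wrapped as a shell script so it can be rehearsed on a copy of syslog.conf before a live ESX 3 host is touched. This is an added example, not code from the original post or from VMware: the `esxcfg-firewall -v -l` and `service syslog restart` invocations are the ones given in the post; the function names, the sample syslog.conf and messages files, and the grep pattern for iptables records are assumptions made here. The grep pattern is one way to separate the iptables entries from the rest of the debug traffic (the part the post leaves open); it relies on the IN=/OUT=/SRC=/DST= fields the iptables LOG target writes into the kernel log line.

```shell
#!/bin/sh
# Added example, not code from the original post. Everything takes file paths
# as parameters so it can be exercised on copies; the only ESX-specific
# commands (esxcfg-firewall -v -l, service syslog restart) are confined to
# enable_esx_firewall_logging / disable_esx_firewall_logging and are never
# run by the demo.

# Switch the selector that feeds /var/log/messages between *.info and *.debug.
# $1 = path to a syslog.conf, $2 = "info" or "debug". A backup is kept as $1.bak.
set_messages_level() {
    conf="$1"; level="$2"
    case "$level" in
        info|debug) ;;
        *) echo "set_messages_level: level must be info or debug" >&2; return 2 ;;
    esac
    cp -p "$conf" "$conf.bak" || return 1
    # Only the line whose action is /var/log/messages is touched; other
    # selectors (kern.*, authpriv.*, ...) are copied through unchanged.
    sed '\#/var/log/messages[[:space:]]*$# {
            s/^\*\.info;/*.'"$level"';/
            s/^\*\.debug;/*.'"$level"';/
         }' "$conf.bak" > "$conf"
}

# Print the selector currently in front of /var/log/messages (e.g. "*.info").
messages_level() {
    sed -n '\#/var/log/messages[[:space:]]*$# s/^\([^;[:space:]]*\).*/\1/p' "$1"
}

# Keep only iptables LOG records from a messages file. The kernel writes them
# with IN=/OUT=/SRC=/DST= fields, so that shape is what is matched (assumed
# pattern; adjust if your rules use a --log-prefix).
iptables_lines() {
    grep -E 'kernel: .*IN=.*OUT=.*SRC=.*DST=' "$1"
}

iptables_count() {
    iptables_lines "$1" | grep -c .
}

# The real procedure on an ESX 3 service console (needs root). Not run below.
enable_esx_firewall_logging() {
    esxcfg-firewall -v -l || return 1              # reload rules with logging on
    set_messages_level /etc/syslog.conf debug || return 1
    service syslog restart
}

disable_esx_firewall_logging() {
    set_messages_level /etc/syslog.conf info || return 1
    service syslog restart
}

# Dry run on constructed sample files (nothing here is real host data).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/syslog.conf" <<'EOF'
kern.*                                                  /dev/console
*.info;mail.none;authpriv.none;cron.none;local6.none;local5.none   /var/log/messages
authpriv.*                                              /var/log/secure
EOF
    cat > "$tmp/messages" <<'EOF'
Jun 27 06:30:01 esx01 kernel: IN=vswif0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51422 DPT=902
Jun 27 06:30:02 esx01 sshd[4321]: Accepted password for root from 192.0.2.10
EOF
    set_messages_level "$tmp/syslog.conf" debug
    echo "level now:        $(messages_level "$tmp/syslog.conf")"
    echo "backup kept at:   $(messages_level "$tmp/syslog.conf.bak")"
    echo "iptables records: $(iptables_count "$tmp/messages")"
    iptables_lines "$tmp/messages"
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh fwlog.sh demo` to see the edit applied to the sample file; on the host, source the file as root and call enable_esx_firewall_logging, then pipe `tail -f /var/log/messages` through the same grep pattern during the debugging session, and call disable_esx_firewall_logging when done so /var does not fill up.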