Iptables log disappeared?

I wonder what happened to iptables log (and iptables?) - it used to be logged some time ago, but the last entry in my case is from October 7 :wink: Was it abandoned or replaced by something else? I wasn’t able to find any note in the documentation :wink:

I may have the same problem, the firewall logs were present in LuCi > Kernel Log, now they are gone. Asked the question and it got closed … a little help would be more appropriate :zipper_mouth_face:

Hello,
it was a workaround to get the iptables log sent to Sentinel. As Sentinel is now using the netlink interface to get the logs, we have disabled logging to console and kernel log.

You can re-enable the old behavior by creating a pass-through rule in the firewall with the logging option enabled.

Thanks for the reply, if Sentinel is using “netlink” to get the logs, how do we view the logs?


See Sentinel - Turris Documentation

Thank you for your time but I have already read ALL of that many times over. It doesn’t do anything to answer the question.


So, what is your question?

To see the logs it is probably best to just create a rule to dump them. Another option is to implement an application such as Turris / Sentinel / FWLogs collector · GitLab to collect logs from there besides what fwlogs is already doing.
Seeing what actually goes to the Sentinel network is right now not possible without hacking the Sentinel components.


I thought the EU was super transparent when it comes to sending user data to third parties?

It is and we declare what we collect and can collect in EULA. You can even see all data in Sentinel View. The question was how to see them on the router in raw as they are collected and that is what is not currently possible. It is like wanting a dump from anywhere in the program that processes your data. It is not feasible to allow that. What the EU wants is transparency for what is collected and we comply with that. You can in our case read complete source code to see what and how data are collected.


understood…

so to

the user should

as the logs were never for user purposes…

got it…


From my experience with logs…
The kernel log is filled with iptables entries until the “syslog-ng” service is started.
After syslog-ng is running, messages and iptables have corresponding entries based on the filter in syslog-ng.conf.
But once nikola is dispatched from cron (15 mins after bootup), it causes the filtering to no longer be active, so it stops filling the iptables file. To mitigate that I had to change syslog-ng.conf and the logrotate.d/iptables config a bit (so that after rotation syslog-ng is restarted). It is partially working; from time to time the iptables file is left un-updated (or there is a 20 min gap).
I’ve also changed the crons, so the logrotate and nikola processes are not running at the same time.

I still have TOS 3.11.x (and am not using Sentinel), so maybe this is not the case for TOS 5.x
