Re: Change iptables log format (would be a nice feature)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ray Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: Change iptables log format (would be a nice feature)
Date: Tue, 07 Oct 2003 07:27:47 +0200	[thread overview]
Message-ID: <1065504467.2952.16.camel@raylinux.internal> (raw)
In-Reply-To: <1065456746.1189.32.camel@valhalla>

[-- Attachment #1: Type: text/plain, Size: 1354 bytes --]

On Mon, 2003-10-06 at 18:12, Chris Brenton wrote:
> On Thu, 2003-10-02 at 10:40, Lasse B. Jensen wrote:
> >
> > Is it possible to change the log format of iptables?
> 
What about using something like ULOG?

AFAIR you can use ULOG (and ulogd) to 'redirect' the log to almost any
other format, including a SQL database.

> As others have pointed out this is not possible, however it might make a
> nice feature to be added in. I've noticed that in high bandwidth
> environments what chokes throughput the most is logging. This
> materializes as the boxes throughput topping out quicker as well as
> garbled/partial log entries being written.
> 
> I *strongly* feel that one of Netfilter's biggest strengths is the level
> of detail in the logs and would hate to see that change. When your
> pushing high speeds however, your choices come down to collecting
> verbose info (and thus limiting throughput) or not collecting log
> entries. An option that permits a terse log format (say IPs, ports &
> transport only) might be a nice balance.
> 
> Just my $.02,
> Chris
> 
-- 
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

next prev parent reply	other threads:[~2003-10-07  5:27 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-10-02 14:40 Change iptables log format Lasse B. Jensen
2003-10-05 14:08 ` Harald Welte
2003-10-06 16:12 ` Change iptables log format (would be a nice feature) Chris Brenton
2003-10-07  5:27   ` Ray Leach [this message]
2003-10-07  9:47   ` Harald Welte
2003-10-08 10:11     ` Lasse B. Jensen
2003-10-08 12:24       ` Harald Welte
2003-10-08 12:57         ` Lasse B. Jensen
2003-10-07 16:11   ` Peter Marshall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1065504467.2952.16.camel@raylinux.internal \
    --to=raymondl@knowledgefactory.co.za \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.