From: "Mark E. Donaldson"
Subject: RE: (no subject)
Date: Fri, 30 Apr 2004 17:10:17 -0700
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <200405010010.i410AG2v029967@server5.bandwidthco.com>
To: 'zze-KHOURY Jad FTRD/DMI/CAE', netfilter@lists.netfilter.org

  _____

From: netfilter-admin@lists.netfilter.org [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of zze-KHOURY Jad FTRD/DMI/CAE
Sent: Friday, April 30, 2004 1:33 AM
To: netfilter@lists.netfilter.org
Subject: (no subject)

Hi,

I'm having some problems finding how to log ONLY iptable log messages to another file other than messages. So I made some changes in the "syslog.conf" file by adding:

    kern.warning /var/log/firewall

since the default log level entry is "warning". But I still receive some messages other than the packets, from the kernel itself!

How can I limit the input messages to only Netfilter packets?
What should I change in the syslog.conf file if I don't want to receive Netfilter messages in this file?

regards
Jad

  _____

To isolate firewall log messages into a separate or dedicated file. By default, netfilter logs to the kern.info syslog facility. This places all the firewall log messages into /var/log/messages along with all other kernel messages. This behavior is not exceedingly friendly for firewall log parsing and analysis. However, since the Linux kernel logs very little by default at the "debug" level, there is an easy solution. Follow these steps:

1. Set logging level to "debug" in the firewall script:

    LOG_LEVEL="debug"

2. Place the LOG_LEVEL variable in rule sets for all packets to be logged:

    -j LOG --log-level $LOG_LEVEL

3. Tell syslog to log only kernel.debug messages to the firewall log file:

    kern.=debug                 /var/log/iptables/iptables.log

4. Tell syslog not to place firewall messages into /var/log/messages:

    *.*;kern.!=debug            /var/log/messages

5. Restart syslog:

    /etc/init.d/syslog restart
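Added example, not part of the original message: a small model of how a sysklogd-style syslog daemon evaluates the selectors above, showing which file each kind of message reaches under the rule from the question and under the two rules from the reply. It assumes the selector semantics documented in syslog.conf(5); the function names and the sample messages are constructed for illustration.

```python
# Added example: a model of sysklogd-style selector matching (syslog.conf(5)),
# not the daemon's own code. Function names are hypothetical.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"]

def compile_selectors(field):
    """Map each facility to the set of priorities one selector field accepts."""
    mask = {f: set() for f in FACILITIES}
    for selector in field.split(";"):          # later selectors adjust earlier ones
        fac_part, pri_part = selector.rsplit(".", 1)
        facs = FACILITIES if fac_part == "*" else fac_part.split(",")
        negate = pri_part.startswith("!")      # "!" removes instead of adds
        pri_part = pri_part.lstrip("!")
        exact = pri_part.startswith("=")       # "=" means this priority only
        pri_part = pri_part.lstrip("=")
        if pri_part == "none":
            chosen, negate = set(PRIORITIES), not negate
        elif pri_part == "*":
            chosen = set(PRIORITIES)
        elif exact:
            chosen = {pri_part}
        else:                                  # named priority and anything more severe
            chosen = set(PRIORITIES[:PRIORITIES.index(pri_part) + 1])
        for fac in facs:
            mask[fac] = mask[fac] - chosen if negate else mask[fac] | chosen
    return mask

def destinations(rules, facility, priority):
    """Return the log files that receive a message with this facility.priority."""
    return [path for field, path in rules
            if priority in compile_selectors(field)[facility]]

# The rule from the question and the two rules from the reply.
QUESTION_RULES = [("kern.warning", "/var/log/firewall")]
REPLY_RULES = [("kern.=debug", "/var/log/iptables/iptables.log"),
               ("*.*;kern.!=debug", "/var/log/messages")]

# Constructed sample messages (facility, priority, description).
SAMPLES = [("kern", "debug", "packet logged by -j LOG --log-level debug"),
           ("kern", "warning", "ordinary kernel warning"),
           ("kern", "err", "kernel driver error"),
           ("daemon", "info", "message from a userspace daemon")]

if __name__ == "__main__":
    for name, rules in (("question", QUESTION_RULES), ("reply", REPLY_RULES)):
        for fac, pri, what in SAMPLES:
            print(f"{name:8} {fac}.{pri:8} {what}: {destinations(rules, fac, pri)}")
```

The kern.=debug selector matches on priority, not on the source of the message, so any other kernel message emitted at debug also reaches the firewall log; a --log-prefix on the LOG rules makes the netfilter lines easy to tell apart.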