how to configure iptables / syslog to log to separate file

how to configure iptables / syslog to log to separate file

[Randall J. Parr]

Can I, and if so how can I, configure iptables (esp using GuardDog which
I use to configure iptables) and/or syslog (ie /etc/syslog.conf, ...) so
that my firewall messages are logged into a file other than
/var/log/messages?

I have searched, looked at tutorial, etc. and found this question asked
many times but without ever finding a decent answer.

If it just can not be done, could someone who knows this please state so?

Thanks

R.Parr
Temporal Arts

Re: how to configure iptables / syslog to log to separate file

[Chris Shepherd]

Quoting "Randall J. Parr" <RParr@TemporalArts.COM>:

> Can I, and if so how can I, configure iptables (esp using GuardDog which
> I use to configure iptables) and/or syslog (ie /etc/syslog.conf, ...) so
> that my firewall messages are logged into a file other than
> /var/log/messages?
> 
> I have searched, looked at tutorial, etc. and found this question asked
> many times but without ever finding a decent answer.
> 
> If it just can not be done, could someone who knows this please state so?

Configure Syslog to log a certain log-level to an alternate file, and then just 
use  "-j LOG --log-level <level>". ie: if you wanted it to log as a notice, 
just setup Syslog to log notices to another file, and drop in a line that reads 
like:

iptables -A LOGGING_TABLE -j LOG --log-level notice --log-prefix="NF: "

I'm not too up on Syslog myself, so you should read the docs for that, but I do 
believe it is possible to log specific log-levels to an alternate file.

-- 
Chris Shepherd

-------------------------------------------------
This email may contain confidential information. Use of any such information
is strictly prohibited without express written consent of the sender

Re: how to configure iptables / syslog to log to separate file

[Athan]

[-- Attachment #1: Type: text/plain, Size: 1608 bytes --]

On Wed, Jan 08, 2003 at 03:37:34PM -0500, Chris Shepherd wrote:
> Quoting "Randall J. Parr" <RParr@TemporalArts.COM>:
> > Can I, and if so how can I, configure iptables (esp using GuardDog which
> > I use to configure iptables) and/or syslog (ie /etc/syslog.conf, ...) so
> > that my firewall messages are logged into a file other than
> > /var/log/messages?
> > 
> > I have searched, looked at tutorial, etc. and found this question asked
> > many times but without ever finding a decent answer.
> > 
> > If it just can not be done, could someone who knows this please state so?
> 
> Configure Syslog to log a certain log-level to an alternate file, and then just 
> use  "-j LOG --log-level <level>". ie: if you wanted it to log as a notice, 
> just setup Syslog to log notices to another file, and drop in a line that reads 
> like:
> 
> iptables -A LOGGING_TABLE -j LOG --log-level notice --log-prefix="NF: "

   That's still only a _kernel_ log _priority_.  So it'll still be in the
kernel facility.  But this is still part of the solution *8-).

   You won't be able to guarantee *ONLY* iptables logging in a file,
but you can set --log-level debug and then in /etc/syslog.conf

kernel.=debug		/var/log/kernel-debug.log

Debug is the level least likely to have stuff generated by other things
normally.

HTH,

-Ath
-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
                  Finger athan(at)fysh.org for PGP key
	   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME

[-- Attachment #2: Type: application/pgp-signature, Size: 240 bytes --]