IPTables logging

IPTables logging

[Patrick Topping]

Is it possible to have iptables log to some other file than the messages 
file on a linux server??  I would like to be able to have a log file of 
just iptables info and not all the other system info.  Thanks in advance.

-Patrick

Re: IPTables logging

[Joel Newkirk]

On Monday 03 February 2003 10:38 pm, Patrick Topping wrote:
> Is it possible to have iptables log to some other file than the
> messages file on a linux server??  I would like to be able to have a
> log file of just iptables info and not all the other system info. 
> Thanks in advance.
>
> -Patrick

How you do this will depend on your Linux distribution, but the following 
is the general method that works in most cases.

Edit your /etc/syslog.conf file and add the following line:

kern.=debug 	 /var/log/firewall

This will tell it to send Kernel logging messages (Netfilter is part of 
the kernel, after all) of level "debug" to the listed file.  In normal 
usage, most people have very little kernel debug logging traffic.  You 
WILL have other messages occasionally, but unless you are actually 
debugging a kernel build they will be minimal.

You will need to restart the syslogd daemon after this change.  On many 
systems this can be done (as root) with:

service syslog restart

Or by simply restarting the machine.

The final ingredient is to append "--log-level 7" to all your iptables 
log rules, telling it to log as debug-level messages, which you've 
already told syslog to write to their own file.

j

Re: IPTables logging

[Eric Leblond]

Le mar 04/02/2003 à 04:38, Patrick Topping a écrit :
> Is it possible to have iptables log to some other file than the messages 
> file on a linux server??  

Use Ulog, you've got the control of were you want to log (in a file) and
you can log in a database (psql or mysql).
Furthermore you can specify how much packets you ong at once, that
dramatically decrease filesystem I/O.

--
Eric

iptables logging

[Stephen Clark]

Hello,

Is there a way to have iptables LOG using a 
facility other than "kern".
I would like to
segregate out the messages from iptables into a 
file separate from
/var/log/messages.

Any advice would be appreciated.

Steve

-- 

"They that give up essential liberty to obtain 
temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government 
grows, liberty
decreases."  (Thomas Jefferson)

Re: iptables logging

[Jan Engelhardt]

On Nov 15 2007 15:31, Stephen Clark wrote:
>
> Hello,
>
> Is there a way to have iptables LOG using a facility other than "kern".
> I would like to
> segregate out the messages from iptables into a file separate from
> /var/log/messages.
>
> Any advice would be appreciated.

You should use syslog-ng, which allows text matching and filtering.
This is from a regular openSUSE install:

	filter f_iptables   { facility(kern) and match("IN=") and match("OUT="); };

Or, you can use the ULOG target together with ulogd2.

Re: iptables logging

[Stephen Clark]

Jan Engelhardt wrote:

>On Nov 15 2007 15:31, Stephen Clark wrote:
>  
>
>>Hello,
>>
>>Is there a way to have iptables LOG using a facility other than "kern".
>>I would like to
>>segregate out the messages from iptables into a file separate from
>>/var/log/messages.
>>
>>Any advice would be appreciated.
>>    
>>
>
>You should use syslog-ng, which allows text matching and filtering.
>This is from a regular openSUSE install:
>
>	filter f_iptables   { facility(kern) and match("IN=") and match("OUT="); };
>
>Or, you can use the ULOG target together with ulogd2.
>
>
>  
>
Hi Jan,

Thanks for taking the time to reply. I'll check them both out.

Steve

-- 

"They that give up essential liberty to obtain temporary safety, 
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty 
decreases."  (Thomas Jefferson)