From: Georgi Alexandrov <tehlists@hotpop.com>
To: netfilter@lists.netfilter.org
Subject: Re: netfilter logging
Date: Wed, 08 Jun 2005 18:52:34 +0300
Message-ID: <42A71442.7060000@hotpop.com>
In-Reply-To: <5885.212.100.225.55.1118237133.squirrel@webmail.*>
Jimmy wrote:
>Hello,
>
>I have just started to log my iptables drops. As seen with this line in my
>iptables-save output.
>
>-A INPUT -j LOG --log-level 1
>-A INPUT -j LOG --log-prefix "Dropped: "
>
>What I would like to know is how I can get iptables to NOT log to console
>only to the message logs. Currently it goes into /var/log/syslog
>
>Here is my syslog configuration. I can't see what's wrong with it.
>
># /etc/syslog.conf
># For info about the format of this file, see "man syslog.conf"
># and /usr/doc/sysklogd/README.linux. Note the '-' prefixing some
># of these entries; this omits syncing the file after every logging.
># In the event of a crash, some log information might be lost, so
># if this is a concern to you then you might want to remove the '-'.
># Be advised this will cause a performation loss if you're using
># programs that do heavy logging.
>
># Uncomment this to see kernel messages on the console.
>#kern.* /dev/console
>
># Log anything 'info' or higher, but lower than 'warn'.
># Exclude authpriv, cron, mail, and news. These are logged elsewhere.
>*.info;*.!warn;\
> authpriv.none;cron.none;mail.none;news.none -/var/log/messages
>
># Log anything 'warn' or higher.
># Exclude authpriv, cron, mail, and news. These are logged elsewhere.
>*.warn;\
> authpriv.none;cron.none;mail.none;news.none -/var/log/syslog
>
># Debugging information is logged here.
>*.=debug -/var/log/debug
>
># Private authentication message logging:
>authpriv.* -/var/log/secure
>
># Cron related logs:
>cron.* -/var/log/cron
>
># Mail related logs:
>mail.* -/var/log/maillog
>
># Emergency level messages go to all users:
>*.emerg *
>
># This log is for news and uucp errors:
>uucp,news.crit -/var/log/spooler
>
># Uncomment these if you'd like INN to keep logs on everything.
># You won't need this if you don't run INN (the InterNetNews daemon).
>#news.=crit -/var/log/news/news.crit
>#news.=err -/var/log/news/news.err
>#news.notice -/var/log/news/news.notice
>
>
>Any advice would be great.
>
>Thanks
>
>
>
Hello,

Try the ULOG target [1] and the ulogd daemon [2].
That combination will allow you to log to a particular file.

[1] - http://iptables-tutorial.frozentux.net/iptables-tutorial.html
[2] - http://freshmeat.net/projects/ulogd/

regards,
Georgi Alexandrov
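
Added example, not part of the original message: a small model of sysklogd selector matching, run over the active rules from the quoted /etc/syslog.conf, showing why both LOG rules end up in /var/log/syslog. It assumes the LOG target's kern facility, level 1 (alert) for the first rule and the default warning level for the second; the function names are hypothetical.

```python
# Added example: minimal model of sysklogd selector matching (not sysklogd's own code).
PRI = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warn": 4, "warning": 4,
       "notice": 5, "info": 6, "debug": 7}  # lower number = more severe

# Active rules copied from the quoted /etc/syslog.conf (continuation lines joined).
EXCL = "authpriv.none;cron.none;mail.none;news.none"
RULES = [
    ("*.info;*.!warn;" + EXCL, "/var/log/messages"),
    ("*.warn;" + EXCL, "/var/log/syslog"),
    ("*.=debug", "/var/log/debug"),
    ("authpriv.*", "/var/log/secure"),
    ("cron.*", "/var/log/cron"),
    ("mail.*", "/var/log/maillog"),
    ("*.emerg", "*"),
    ("uucp,news.crit", "/var/log/spooler"),
]

def selector_matches(selector, facility, level):
    """Apply ';'-separated terms left to right; later terms override earlier ones."""
    sev, logged = PRI[level], False
    for term in selector.split(";"):
        facs, prio = term.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue                      # term is about another facility
        if prio == "none":
            logged = False                # facility.none switches the facility off
            continue
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        if prio == "*":
            hit = True
        elif exact:
            hit = sev == PRI[prio]        # '=' means this priority only
        else:
            hit = sev <= PRI[prio]        # plain priority means "this or more severe"
        if hit:
            logged = not negate           # '!' removes, otherwise adds
    return logged

def destinations(facility, level):
    """Return every target in RULES that would receive this message."""
    return [target for selector, target in RULES
            if selector_matches(selector, facility, level)]

if __name__ == "__main__":
    # The two LOG rules from the question: level 1 (alert) and the default (warning).
    for rule, level in (("--log-level 1", "alert"), ('--log-prefix "Dropped: "', "warning")):
        print(rule, "->", destinations("kern", level))
```

Console output of kernel messages is governed by the kernel's console log level rather than by these selectors, which is why the commented-out `kern.* /dev/console` line does not stop it.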