Linux Netfilter discussions
From: Joel Newkirk <netfilter@newkirk.us>
To: Patrick Topping <ptopping@pobox.com>, netfilter@lists.netfilter.org
Subject: Re: IPTables logging
Date: Mon, 3 Feb 2003 23:07:47 -0500
Message-ID: <200302032307.47227.netfilter@newkirk.us>
In-Reply-To: <3E3F35B9.2040903@pobox.com>

On Monday 03 February 2003 10:38 pm, Patrick Topping wrote:
> Is it possible to have iptables log to some other file than the
> messages file on a linux server??  I would like to be able to have a
> log file of just iptables info and not all the other system info. 
> Thanks in advance.
>
> -Patrick

How you do this will depend on your Linux distribution, but the following 
is the general method that works in most cases.

Edit your /etc/syslog.conf file and add the following line:

kern.=debug 	 /var/log/firewall

This will tell it to send Kernel logging messages (Netfilter is part of 
the kernel, after all) of level "debug" to the listed file.  In normal 
usage, most people have very little kernel debug logging traffic.  You 
WILL have other messages occasionally, but unless you are actually 
debugging a kernel build they will be minimal.

You will need to restart the syslogd daemon after this change.  On many 
systems this can be done (as root) with:

service syslog restart

Or by simply restarting the machine.

The final ingredient is to append "--log-level 7" to all your iptables 
log rules, telling it to log as debug-level messages, which you've 
already told syslog to write to their own file.

j
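
Added example, not part of the original message: a check that the setup described above is complete, since a LOG rule left without "--log-level 7" falls back to the LOG target's default level (warning) and never reaches the kern.=debug file. The function names and the sample rules are constructed for illustration; on a real host, feed the output of iptables-save and the contents of /etc/syslog.conf to the two functions.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j LOG --log-prefix "SSH: " --log-level 7
-A INPUT -p tcp --dport 23 -j LOG --log-prefix "TELNET: "
-A INPUT -j LOG --log-prefix "DROP: " --log-level debug
-A FORWARD -j LOG --log-level 4
COMMIT
EOF
}

# Print every LOG rule on stdin that would NOT be logged at kern.debug:
# either --log-level is missing or it names a level other than 7/debug.
log_rules_not_debug() {
    awk '
    /^-A / {
        is_log = 0; level = ""
        for (i = 1; i < NF; i++) {
            if (($i == "-j" || $i == "--jump") && $(i + 1) == "LOG") is_log = 1
            if ($i == "--log-level") level = $(i + 1)
        }
        if (is_log && level != "7" && level != "debug") print
    }'
}

# Read a syslog.conf on stdin; print the destination of a plain
# "kern.=debug" line and return 0, or return 1 if there is none.
# Commented-out lines do not match because their first field differs.
kern_debug_target() {
    awk '$1 == "kern.=debug" { print $2; found = 1 } END { exit !found }'
}

# Demonstration on the constructed sample: lists the two offending rules.
sample_rules | log_rules_not_debug
```
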


