* logging to a different place than kernel ring buffer
@ 2024-11-20 20:06 Marco Moock
2024-11-20 20:52 ` Sven-Haegar Koch
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Marco Moock @ 2024-11-20 20:06 UTC (permalink / raw)
To: netfilter
Hello!
I want to log denied traffic, but to syslog or a file rather than the
kernel ring buffer because that messes up the virtual consoles.
What is a good way to achieve that?
--
Gruß
Marco
Send unsolicited bulk mail to 1732133134muell@stinkedores.dorfdsl.de
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: logging to a different place than kernel ring buffer
2024-11-20 20:06 logging to a different place than kernel ring buffer Marco Moock
@ 2024-11-20 20:52 ` Sven-Haegar Koch
2024-11-20 21:16 ` Jordan Dohms
[not found] ` <PH0PR05MB8159440DE55AAF8E8C6CFB9CB1212@PH0PR05MB8159.namprd05.prod.outlook.com>
2 siblings, 0 replies; 4+ messages in thread
From: Sven-Haegar Koch @ 2024-11-20 20:52 UTC (permalink / raw)
To: Marco Moock; +Cc: netfilter
On Wed, 20 Nov 2024, Marco Moock wrote:
> I want to log denied traffic, but to syslog or a file rather than the
> kernel ring buffer because that messes up the virtual consoles.
>
> What is a good way to achieve that?
Ulogd2
https://www.netfilter.org/projects/ulogd/
c'ya
sven-haegar
--
Three may keep a secret, if two of them are dead.
- Ben F.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: logging to a different place than kernel ring buffer
2024-11-20 20:06 logging to a different place than kernel ring buffer Marco Moock
2024-11-20 20:52 ` Sven-Haegar Koch
@ 2024-11-20 21:16 ` Jordan Dohms
[not found] ` <PH0PR05MB8159440DE55AAF8E8C6CFB9CB1212@PH0PR05MB8159.namprd05.prod.outlook.com>
2 siblings, 0 replies; 4+ messages in thread
From: Jordan Dohms @ 2024-11-20 21:16 UTC (permalink / raw)
To: Marco Moock, netfilter@vger.kernel.org
Alternative to ulogd2, I'd suggest:
Add a 'prefix' to your logging rule(s) and you can build a syslog config off that.
Specify a 'level' in your logging rule(s).
Change the kernel.printk parameter in sysctl to not display the log levels that nft logs to in your console.
Jordan
________________________________________
From: Marco Moock <mm@dorfdsl.de>
Sent: Wednesday, November 20, 2024 3:06 PM
To: netfilter@vger.kernel.org <netfilter@vger.kernel.org>
Subject: logging to a different place than kernel ring buffer
Hello!
I want to log denied traffic, but to syslog or a file rather than the
kernel ring buffer because that messes up the virtual consoles.
What is a good way to achieve that?
--
Gruß
Marco
Send unsolicited bulk mail to 1732133134muell@stinkedores.dorfdsl.de
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: logging to a different place than kernel ring buffer
[not found] ` <PH0PR05MB8159440DE55AAF8E8C6CFB9CB1212@PH0PR05MB8159.namprd05.prod.outlook.com>
@ 2024-11-28 19:16 ` Marco Moock
0 siblings, 0 replies; 4+ messages in thread
From: Marco Moock @ 2024-11-28 19:16 UTC (permalink / raw)
To: netfilter@vger.kernel.org
Am 20.11.2024 um 21:14:07 Uhr schrieb Jordan Dohms:
> Change the kernel.printk parameter in sysctl to not display the log
> levels that nft logs to in your console.
This is what I've done without modifying the log level of the netfilter
rules itself.
Mine are created via firewalld, so I will see if there is a way to
change it there.
--
Gruß
Marco
Send unsolicited bulk mail to 1732133647muell@cartoonies.org
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-11-28 19:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-20 20:06 logging to a different place than kernel ring buffer Marco Moock
2024-11-20 20:52 ` Sven-Haegar Koch
2024-11-20 21:16 ` Jordan Dohms
[not found] ` <PH0PR05MB8159440DE55AAF8E8C6CFB9CB1212@PH0PR05MB8159.namprd05.prod.outlook.com>
2024-11-28 19:16 ` Marco Moock
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox