IPTables logging

IPTables logging

[Patrick Topping]

Is it possible to have iptables log to some other file than the messages 
file on a linux server??  I would like to be able to have a log file of 
just iptables info and not all the other system info.  Thanks in advance.

-Patrick

Re: IPTables logging

[Joel Newkirk]

On Monday 03 February 2003 10:38 pm, Patrick Topping wrote:
> Is it possible to have iptables log to some other file than the
> messages file on a linux server??  I would like to be able to have a
> log file of just iptables info and not all the other system info. 
> Thanks in advance.
>
> -Patrick

How you do this will depend on your Linux distribution, but the following 
is the general method that works in most cases.

Edit your /etc/syslog.conf file and add the following line:

kern.=debug 	 /var/log/firewall

This will tell it to send Kernel logging messages (Netfilter is part of 
the kernel, after all) of level "debug" to the listed file.  In normal 
usage, most people have very little kernel debug logging traffic.  You 
WILL have other messages occasionally, but unless you are actually 
debugging a kernel build they will be minimal.

You will need to restart the syslogd daemon after this change.  On many 
systems this can be done (as root) with:

service syslog restart

Or by simply restarting the machine.

The final ingredient is to append "--log-level 7" to all your iptables 
log rules, telling it to log as debug-level messages, which you've 
already told syslog to write to their own file.

j

Re: IPTables logging

[Eric Leblond]

Le mar 04/02/2003 à 04:38, Patrick Topping a écrit :
> Is it possible to have iptables log to some other file than the messages 
> file on a linux server??  

Use Ulog, you've got the control of were you want to log (in a file) and
you can log in a database (psql or mysql).
Furthermore you can specify how much packets you ong at once, that
dramatically decrease filesystem I/O.

--
Eric