
Re: how to log iptables



Hey Gabriele,

The Linux kernel used to log via the kernel logging facility, caught by some 
userspace (syslog) daemon. Legacy is syslogd+klogd of the syslog package, 
but you may consider installing the syslog-ng version (which is not split in
two the same way) to have more userspace filtering, like regular expressions. 
Also, the legacy syslog package hasn't gotten any significant improvements 
in a long time, with old bugs getting fixed only slowly, if at all.

You can also influence the kernel's logging defaults via the 'printk' value, 
which is mainly about the way messages should appear on the (stdout) console,
but maybe that has been improved in the meantime. It's configurable at boot time via 
/etc/sysctl.conf, if you install the 'procps' package.
You probably need to have the 'procps' and 'sysctl' options set to yes in the kernel 
config. 

I just see there's a /usr/src/linux/Documentation/sysctl/kernel.txt which 
possibly could tell you more about this.

And ultimately, since 2.4.something, there's ulogd, which needs the corresponding
setting in the kernel (netfilter) configuration:

 CONFIG_IP_NF_TARGET_ULOG:                                                                 
                                                                                              
    This option enables the old IPv4-only "ipt_ULOG" implementation                           
    which has been obsoleted by the new "nfnetlink_log" code (see                             
    CONFIG_NETFILTER_NETLINK_LOG).                                                            
                                                                                              
    This option adds a `ULOG' target, which allows you to create rules in                     
    any iptables table. The packet is passed to a userspace logging                           
    daemon using netlink multicast sockets; unlike the LOG target                             
    which can only be viewed through syslog.                                                  
                                                                                              
    The apropriate userspace logging daemon (ulogd) may be obtained from                      
    <http://www.gnumonks.org/projects/ulogd/>                                              


The package is available in Debian Sid (unstable).
hth, maren






   °
 /\/
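
Added example, not part of the original message: a small Python parser for the lines the LOG target sends through the kernel log to syslog, the kind of userspace filtering the message suggests doing with regular expressions. The sample lines are constructed, and the prefix "IPT-DROP: " is an assumed value set on the rule with --log-prefix.

```python
import re
from collections import Counter

# Constructed sample syslog lines (documentation addresses). The prefix
# "IPT-DROP: " is an assumption: whatever --log-prefix the LOG rule was given.
SAMPLE = """\
Mar  3 14:02:11 fw kernel: [12345.678901] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 14:02:12 fw kernel: [12346.101010] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=51515 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 14:02:15 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=911 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar  3 14:02:16 fw kernel: [12350.000001] usb 1-1: new high-speed USB device number 4 using ehci-pci
"""

# "kernel: ", an optional printk timestamp, the free-text log prefix, then the
# IN=/OUT= pair that every LOG-target line starts its field list with.
LINE_RE = re.compile(
    r"kernel: (?:\[\s*\d+\.\d+\] )?(?P<prefix>.*?)(?P<body>IN=\S* OUT=.*)$")

def parse_line(line):
    """Return prefix, KEY=VALUE fields and bare flags, or None for other kernel lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for tok in m.group("body").split():
        key, sep, val = tok.partition("=")
        if sep:
            # UDP lines carry LEN twice; keep the first (IP-level) value.
            fields.setdefault(key, val)
        else:
            flags.append(tok)  # bare tokens such as DF or SYN
    return {"prefix": m.group("prefix").strip(), "fields": fields, "flags": flags}

def summarise(text):
    """Count hits per (prefix, source address, protocol, destination port)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            f = rec["fields"]
            hits[(rec["prefix"], f.get("SRC"), f.get("PROTO"), f.get("DPT"))] += 1
    return hits

if __name__ == "__main__":
    for key, count in summarise(SAMPLE).most_common():
        print(count, *key)
```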


