
RE: Problem with logging firewall packets


# ============================================================
# LOG level option.  NOTE klogd reflects these values for console broadcast
# Simply start klogd with -c 4 to ONLY display errors and above on the


#define KERN_EMERG      "<0>"   /* system is unusable                   */
#define KERN_ALERT      "<1>"   /* action must be taken immediately     */
#define KERN_CRIT       "<2>"   /* critical conditions                  */
#define KERN_ERR        "<3>"   /* error conditions                     */
#define KERN_WARNING    "<4>"   /* warning conditions                   */
#define KERN_NOTICE     "<5>"   /* normal but significant condition     */
#define KERN_INFO       "<6>"   /* informational                        */
#define KERN_DEBUG      "<7>"   /* debug-level messages                 */
# ============================================================

-----Original Message-----
From: Giacomo Mulas [mailto:gmulas@capitanata.ca.astro.it]On Behalf Of
Giacomo Mulas
Sent: Friday, May 25, 2001 3:43 AM
To: debian-security@lists.debian.org
Subject: Re: Problem with logging firewall packets

On Fri, 25 May 2001, Paul Dossett wrote:

> Okay, I'm *really* embarrassed about this, but I can't get syslog to log
> firewall packets to a logfile - it insists on sending them to my Debian
> box's console.  I've checked the /etc/syslog.conf file and there's no
> mention of a console there at all, so what am I doing wrong?  The crappy
> ipchains test script I've rigged is working, a grc.com scan is being
> in all the right ways, but I just can't get the logs on magnetic media...
> what really simple, obvious, even-a-redheaded-stepchild-could-work-it-out
> step am I missing?

Is klogd running? You need that, for syslog to be able to log kernel
messages such as ipchains logs.

I have the very same problem with iptables, but not with ipchains. On the
simple ipchains-based firewall I set up for my institute, a Debian potato
box with a handful of packages recompiled from sid, I use the spf
(stateful packet filter) package to handle firewalling rules, and
syslog-ng to handle the logging, and I could easily direct ipchains log
messages to specific log files. I was never able to do the same with
iptables, however. Logs from iptables are indeed recorded in the logs, but
they also *always* turn up on whatever console I am using. The kernel log
daemon is running, everything appears to be working, where is the catch?



Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>

Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216     Fax : +39 070 71180 222

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
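
The console filtering rule behind the `klogd -c 4` hint above, as an added example that is not part of the original messages: a kernel message is printed on the console only when the level in its `<N>` prefix is numerically lower than the console log level. The function names, the sample lines and the default level for unprefixed messages are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: level applied when a message carries no "<N>" prefix
 * (KERN_WARNING, the usual kernel default). */
#define DEFAULT_MSG_LEVEL 4

/* Return the priority encoded in a leading "<N>" prefix, or the default. */
int msg_level(const char *msg)
{
    if (msg && msg[0] == '<' && isdigit((unsigned char)msg[1]) &&
        msg[1] <= '7' && msg[2] == '>')
        return msg[1] - '0';
    return DEFAULT_MSG_LEVEL;
}

/* A message reaches the console only when its level is numerically
 * lower (more severe) than the console log level, e.g. klogd -c 4. */
int reaches_console(const char *msg, int console_level)
{
    return msg_level(msg) < console_level;
}

/* Count how many of n messages would be printed on the console. */
int count_on_console(const char *const *msgs, size_t n, int console_level)
{
    int shown = 0;
    for (size_t i = 0; i < n; i++)
        shown += reaches_console(msgs[i], console_level);
    return shown;
}

/* Constructed sample lines, not taken from the thread. */
static const char *const SAMPLE[] = {
    "<4>FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=23",
    "<6>Packet log: input DENY eth0 PROTO=6 192.0.2.10:1025 192.0.2.1:23",
    "<3>eth0: transmit timed out",
    "no priority prefix on this line",
};

int main(void)
{
    size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
    for (int level = 4; level <= 7; level += 3)
        printf("console level %d: %d of %zu lines shown\n",
               level, count_on_console(SAMPLE, n, level), n);
    return 0;
}
```

With a console level of 4, firewall lines logged at warning (4) or info (6) stay off the console; syslog still receives them and can route them to a file.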
