
Re: Creating a logfile for Netfilter



On Mon, Jun 11, 2001 at 07:11:00PM +0100, Tim Haynes wrote:
> Stefan Srdic <linuxbox@telusplanet.net> writes:
> 
> > Anyway, as you can guess I am using netfilter for firewalling.
> > 
> > How can I pipe all logs from Netfilter into a single logfile?
> > 
> > Let's say I wanted all log messages from netfilter to be logged into
> > /var/log/netfilter. How could I accomplish that?
> 
> FWIW, my approach: assert a log-prefix in your logging iptables rules, and
> install syslog-ng with a regexp match to pick up your prefix (make it
> distinctive, eg 'Catch-all: .*IN=.*OUT=' would probably be precise enough).
>
Here is an alternative approach which I took.  I think it is a little
easier.

If you create a user defined chain something like the following:

iptables -N log_droped
iptables -A log_droped -j LOG --log-level 1 --log-prefix "droped_::"
iptables -A log_droped -j DROP

And make all your firewall rules that need to be dropped -j (jump) to
this chain then they will be logged at log-level 1 (Alert).

Then, if you edit /etc/syslog.conf and append the following line:
kern.=alert			-/var/log/firewall.log
(Nb. line up with tabs)

Then syslog will log all logs at level alert to the separate file.  Not
much else gets logged at level alert so it should be OK and not upset
other logging.

Thus, the firewall will log to /var/log/firewall.log - just create this
file with touch.

Hth.
Mark.
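As an added example, not part of Mark's message: once the "droped_::" LOG rule and the kern.=alert syslog line above are in place, /var/log/firewall.log fills with kernel LOG lines of KEY=VALUE tokens. The script below shows how a defender would read that file back: it keys on the log-prefix rather than on the syslog level (so a stray non-firewall alert-level kernel message is ignored), pulls out the SRC/DST/PROTO/DPT fields by name rather than by column, and tallies drops per source address. The log lines are constructed for the example (RFC 5737 documentation addresses, made-up timestamps and IDs), and the function names are my own.

```shell
#!/bin/sh
# Constructed sample of what /var/log/firewall.log looks like after the
# "droped_::" LOG rule from the post.  The last line stands in for any other
# alert-level kernel message that could land in the same file.
SAMPLE_LOG='Jun 11 19:15:02 gw kernel: droped_::IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=12345 DF PROTO=TCP SPT=40123 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 11 19:15:04 gw kernel: droped_::IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=12346 DF PROTO=TCP SPT=40124 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 11 19:15:09 gw kernel: droped_::IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=0 PROTO=UDP SPT=1024 DPT=137 LEN=20
Jun 11 19:15:10 gw kernel: usb 1-1: new full speed USB device using uhci_hcd'

# Keep only lines carrying the firewall LOG prefix.  The prefix, not the
# syslog facility/level, is what ties a line to the firewall chain.
fw_lines() {
    grep -F 'droped_::'
}

# Number of dropped packets in the input (0 when nothing matches).
fw_count() {
    fw_lines | awk 'END { print NR }'
}

# Print "SRC DST PROTO DPT" per dropped packet.  Tokens are KEY=VALUE, and
# their positions vary between TCP, UDP and ICMP lines, so select by key.
fw_fields() {
    fw_lines | awk '{
        src = ""; dst = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        print src, dst, proto, dpt
    }'
}

# Drop count per source address, most active source first.
fw_top_sources() {
    fw_fields | awk '{ n[$1]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# Run against the constructed sample; on a real box replace the printf with
# "cat /var/log/firewall.log".
printf '%s\n' "$SAMPLE_LOG" | fw_top_sources
```

Two things worth keeping in mind when wiring this up: a LOG rule with no rate limit will write one line per dropped packet, so a busy interface can fill the partition the log lives on (iptables' `-m limit` match exists for exactly that), and the prefix is the only reliable key into the file, because anything else the kernel emits at alert level ends up there too, as the sample's last line shows.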


