
Re: Creating a logfile for Netfilter



mdevin@ozemail.com.au wrote:

> Here is an alternative approach which I took.  I think it is a little
> easier.
>
> If you create a user defined chain something like the following:
>
> iptables -N log_droped
> iptables -A log_droped -j LOG --log-level 1 --log-prefix "droped_::"
> iptables -A log_droped -j DROP
>
> And make all your firewall rules that need to be dropped -j (jump) to
> this chain then they will be logged at log-level 1 (Alert).
>
> Then, if you edit /etc/syslog.conf and append the following line:
> kern.=alert                     -/var/log/firewall.log
> (Nb. line up with tabs)
>
> Then syslog will log all logs at level alert to the separate file.  Not
> much else gets logged at level alert so it should be OK and not upset
> other logging.
>
> Thus, the firewall will log to /var/log/firewall.log - just create this
> file with touch.
>
> Hth.
> Mark.
>

Thanks for the good advice man, I re-wrote the core of my firewall last night.
Using your advice I was able to separate distinctive services into their own
chain, filter the datagrams, and then jump all unwanted datagrams into the
LOGNDROP chain.

Now my script is a hell of a lot easier to follow and my logs are nice and neat.

Sorry about the late reply,

Stef
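The approach the thread describes, written out as an added example (this is not Mark's or Stef's script): a shared LOGNDROP chain that logs at level alert and then drops, per-service chains that accept what the service needs and hand everything else to LOGNDROP, and an awk summary of the resulting log lines. The chain names (LOGNDROP, svc_ssh, svc_web), the log prefix, the ports and source ranges, and the sample kernel log lines in sample_log are all assumptions made up for the example. One addition the quoted message does not have: the LOG rule is rate-limited with -m limit, because an unbounded LOG target lets anyone who can send you packets fill your disk through the log. Set IPT=echo to preview the rules without root.

```shell
#!/bin/sh
# Added example: LOGNDROP plus per-service chains, in the style of the thread.
# Chain names, prefix, ports and addresses are assumptions, not the posters' values.
IPT="${IPT:-iptables}"
LOG_PREFIX="${LOG_PREFIX:-fw_drop::}"

# Shared log-and-drop chain. --log-level 1 is "alert", which is what the
# kern.=alert selector in syslog.conf picks up. The limit match keeps a
# packet flood from turning into a log flood.
build_logdrop_chain() {
    $IPT -N LOGNDROP 2>/dev/null || $IPT -F LOGNDROP   # create, or flush so re-runs are safe
    $IPT -A LOGNDROP -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-level 1 --log-prefix "$LOG_PREFIX"
    $IPT -A LOGNDROP -j DROP
}

# One chain per service: accept the traffic the service is meant to see,
# everything else that reaches the chain goes to LOGNDROP.
# $1 chain name, $2 protocol, $3 port, $4 allowed source (CIDR)
build_service_chain() {
    chain="$1"; proto="$2"; port="$3"; src="$4"
    $IPT -N "$chain" 2>/dev/null || $IPT -F "$chain"
    $IPT -A "$chain" -p "$proto" --dport "$port" -s "$src" -j ACCEPT
    $IPT -A "$chain" -j LOGNDROP
}

# Wire the chains into INPUT. Assumes INPUT is otherwise empty; it is not
# flushed here so a re-run cannot lock out an existing admin session.
apply_ruleset() {
    build_logdrop_chain
    build_service_chain svc_ssh tcp 22 192.0.2.0/24     # assumed admin network
    build_service_chain svc_web tcp 80 0.0.0.0/0
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j svc_ssh
    $IPT -A INPUT -p tcp --dport 80 -j svc_web
    $IPT -A INPUT -j LOGNDROP                            # anything unmatched: log, then drop
}

# Summarise a firewall log (stdin): count of dropped packets per SRC/PROTO/DPT,
# most frequent first. Only lines carrying our prefix are counted.
summarize_drops() {
    awk -v prefix="$LOG_PREFIX" '
    index($0, prefix) {
        src = ""; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src != "") count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample of what the kernel LOG target writes (not real traffic).
sample_log() {
    cat <<'EOF'
Mar 10 12:00:01 gw kernel: fw_drop::IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TTL=52 PROTO=TCP SPT=44321 DPT=23 SYN
Mar 10 12:00:02 gw kernel: fw_drop::IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TTL=52 PROTO=TCP SPT=44322 DPT=23 SYN
Mar 10 12:00:03 gw kernel: fw_drop::IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=28 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Mar 10 12:00:04 gw kernel: something unrelated at alert level
EOF
}

case "${1:-}" in
    apply)   apply_ruleset ;;
    preview) IPT=echo apply_ruleset ;;
    report)  summarize_drops ;;        # e.g. ./fw.sh report < /var/log/firewall.log
esac
```

Run it as `./fw.sh preview` to print the rules, `./fw.sh apply` as root to load them, and `./fw.sh report < /var/log/firewall.log` for the per-source summary. The syslog side is the line from the quoted message, `kern.=alert<TAB>-/var/log/firewall.log`; on rsyslog the same selector works in a file under /etc/rsyslog.d/, and a following `& stop` line keeps those messages out of the general log. The leading `-` on the path means buffered writes, which is fine for a firewall log but means the last lines may not be on disk at the moment of a crash.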


