Re: Creating a logfile for Netfilter

To: debian-security@lists.debian.org
Subject: Re: Creating a logfile for Netfilter
From: Jean-Marc Boursot <jmb@ankeo.org>
Date: Fri, 15 Jun 2001 20:30:37 +0200
Message-id: <[🔎] 01061520303700.00646@endymion>
In-reply-to: <[🔎] 3B2A1C95.4CABBE97@telusplanet.net>
References: <[🔎] 3B24FC54.538FD6F6@telusplanet.net> <[🔎] 20010613205051.B9827@beast.home.net> <[🔎] 3B2A1C95.4CABBE97@telusplanet.net>

On Friday 15 June 2001 16:32, Stefan Srdic wrote:
> >
> > If you create a user defined chain something like the following:
> >
> > iptables -N log_droped
> > iptables -A log_droped -j LOG --log-level 1 --log-prefix
> > "droped_::" iptables -A log_droped -j DROP
> >
> > And make all your firewall rules that need to be dropped -j (jump)
> > to this chain then they will be logged at log-level 1 (Alert).
> >
> > Then, if you edit /etc/syslog.conf and append the following line:
> > kern.=alert                     -/var/log/firewall.log
> > (Nb. line up with tabs)
> >
> > Then syslog will log all logs at level alert to the separate file. 
> > Not much else gets logged at level alert so it should be OK and not
> > upset other logging.

Isn't there a problem? Logs at level notice (5) and below are sent to 
the console. If host activity is too high, console will become unusable 
(kind of DoS).

JM

Reply to:

Follow-Ups:
- Re: Creating a logfile for Netfilter
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

References:
- Creating a logfile for Netfilter
  - From: Stefan Srdic <linuxbox@telusplanet.net>
- Re: Creating a logfile for Netfilter
  - From: mdevin@ozemail.com.au
- Re: Creating a logfile for Netfilter
  - From: Stefan Srdic <linuxbox@telusplanet.net>

Prev by Date: Re: Filesystem permissions
Next by Date: Re: Filesystem permissions
Previous by thread: Re: Creating a logfile for Netfilter
Next by thread: Re: Creating a logfile for Netfilter
Index(es):
- Date
- Thread