
Re: iptables logging



Matthias Richter, 2001-Jul-22 08:18 +0200:
> You need to tell iptables which packages should be logged. For example:
> 
> iptables -N log # This table logs and hands package over to "delete"
> iptables -N delete # This table rejects anything
> 
> iptables -A INPUT <RULE> -j log # Rule to be logged
> iptables -A INPUT <RULE> -j delete # Rule not to be logged
> 
> iptables -A log -j LOG --log-prefix "Rejected: " # be verbose in syslog
> iptables -A log -j delete # hand over package to "delete"
> 
> iptables -A delete -j REJECT # gracefully reject package
> 

   Thanks, this helps.  I've got it logging now to syslog with a
   log prefix...nice!
   
   Now, I want these log messages to go to a different log file,
   other than /var/log/syslog.  I'd like these "Rejected: " log
   messages to go into /var/log/iptables.log instead.  I can't
   figure out what changes to make to /etc/syslog.conf to make
   this happen.  Any help is appreciated.
   
   jc


-- 

Jeff Coppock		Nortel Networks
Systems Engineer	http://nortelnetworks.com
Major Accts.		Santa Clara, CA
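
Added example, not part of either poster's message: a shell filter that pulls the kernel LOG entries carrying the "Rejected: " prefix out of a syslog stream and summarises them by source, protocol and destination port. The sample log lines are constructed and shortened, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: separate the netfilter LOG entries tagged with the
# --log-prefix from the rest of syslog, then summarise them.

PREFIX='Rejected: '   # must match the --log-prefix set in the "log" chain

# Constructed, shortened sample of /var/log/syslog (documentation addresses).
sample_syslog() {
cat <<'EOF'
Jul 22 08:30:01 fw kernel: Rejected: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=60 TTL=52 PROTO=TCP SPT=40122 DPT=23 SYN
Jul 22 08:30:02 fw sshd[812]: Accepted password for admin from 198.51.100.7 port 1022
Jul 22 08:30:05 fw kernel: Rejected: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=60 TTL=52 PROTO=TCP SPT=40123 DPT=23 SYN
Jul 22 08:31:12 fw kernel: Rejected: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.1 LEN=78 TTL=110 PROTO=UDP SPT=1030 DPT=137 LEN=58
Jul 22 08:31:40 fw kernel: eth0: link up
Jul 22 08:32:00 fw kernel: Rejected: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.1 LEN=84 TTL=60 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jul 22 08:32:09 fw smtpd[90]: Rejected: relay attempt from 203.0.113.9
EOF
}

# Keep only lines whose syslog tag (5th field) is "kernel:" and that carry
# the prefix, so a daemon that happens to print "Rejected: " is not mixed in.
rejected_lines() {
    awk -v prefix="$PREFIX" '$5 == "kernel:" && index($0, prefix) > 0'
}

# Print "count SRC PROTO DPT", most frequent first. ICMP has no DPT ("-").
rejected_summary() {
    rejected_lines | awk '
    {
        src = proto = "?"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\[/) break   # ICMP errors quote the inner packet in [...]
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        n[src " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# On a live host: rejected_lines < /var/log/syslog > some-separate-file
sample_syslog | rejected_summary
```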


