Re: ipchains not logging to syslog
I saw this when I first installed Debian 3.0r0. I did find out how to
stop the logging to the 1st VT. Edit /etc/init.d/klogd. On line 13 is
an assignment to KLOGD. Put "-c 4" in the quotes. This logs only
info and above to the console. I don't know what I did that started
logging to syslog. There are still oddities, firewall events that
show up in the logs days after the fact.
HTH,
Jeffrey
Quoting Jeremy Gaddis <jeremy@gaddis.org>:
> Has anyone experienced an issue with ipchains not logging
> via syslog? The log info for the packets that should be
> logged is output to the first VT, but this is hardly
> convenient as the machine is put up in a closet.
>
> [jeremy@MARS:pts/0:~]$ uname -a
> Linux mars 2.2.23 #4 Thu Jan 23 22:15:03 EST 2003 i486 unknown
>
> [jeremy@MARS:pts/0:~]$ grep -v ^# /etc/syslog.conf
> *.* @192.168.0.2
>
> Everything else gets probably logged, however, nothing appears
> from ipchains. The default policy for the input chain is ACCEPT,
> however, there are individual rules for packets that I want allowed,
> then there's a default "catch-all" at the end of the input chain
> which should log everything that isn't allowed. The packet logs never
> make it to the loghost however.
>
> [root@MARS:pts/0:~]# ipchains -L input -n | head -n 1
> Chain input (policy ACCEPT):
>
> [root@MARS:pts/0:~]# ipchains -L input -n | tail -n 1
> DENY all ----l- 0.0.0.0/0 0.0.0.0/0 n/a
>
> The packets are indeed being blocked (and logged to the first VT),
> but nothing is reported via syslog. Has anyone experienced an issue
> of this sorts before?
>
> Thanks,
> j.
>
Reply to: