
Re: logging iptables to a separate file?



On Wed, 2003-06-25 at 19:09, Jesse Meyer wrote:
> On Tue, 24 Jun 2003, Robert L. Harris wrote:
> >   Looking at the docs for iptables you can specify log Level (auth,
> > crit, etc) but I don't see a way of specifying a "facility" such as
> > local1.  I'd like to put all my iptables output logs into a specific
> > file I can dig through easier than my messages file.  Messing with
> > loglevels could work but has potential to get very ugly if it makes me
> > miss important messages I need otherwise.
> 
> There is probably a better way to do this, but I'm using syslog-ng, 
> along with these lines added to /etc/syslog-ng/syslog-ng.conf
> 
> 	destination iptables { file("/var/log/iptables.log" owner("root")
> 		group("adm") perm(0640)); };
> 
> 	filter f_iptables { match("IN="); };
> 
> 	log { source(src); filter(f_iptables); destination(iptables); };
> 
You can use the log-level feature of iptables to set the log level.
E.g.:

	iptables -A INPUT -j LOG --log-level 4 --log-prefix "Bad packet"

Then you can edit your syslog.conf file and append the following line:

	kern.=warning           -/var/log/firewall.log

NB: ensure you line up with tabs.

This will log all kernel logs with level 4 (warning) to the separate
file /var/log/firewall.log.

There is some chance that something else will end up in this file that
is not firewall related but was still logged by the kernel at level 4. 
I don't know what though.

Regards.
Mark.
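
An added example, not part of the original posts: a shell sketch that separates the iptables entries from the other kernel warnings a `kern.=warning` file would collect, using the "Bad packet" prefix from the rule above, then counts hits per source address and destination port. The sample log lines, host name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of what "kern.=warning -/var/log/firewall.log" would
# collect: three iptables LOG entries plus two unrelated kernel warnings.
# The LOG target writes the prefix with no separator, so the rule's
# --log-prefix "Bad packet" runs straight into "IN=".
sample_log() {
cat <<'EOF'
Jun 25 19:20:01 fw kernel: Bad packetIN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=23 SYN
Jun 25 19:20:03 fw kernel: nfs: server nas not responding, still trying
Jun 25 19:20:04 fw kernel: Bad packetIN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=23 SYN
Jun 25 19:21:10 fw kernel: Bad packetIN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TTL=110 PROTO=TCP SPT=3312 DPT=445 SYN
Jun 25 19:22:30 fw kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }
EOF
}

# split_log PREFIX MODE: MODE=fw prints lines whose kernel message is PREFIX
# followed by the LOG target's IN= field; MODE=other prints everything else.
split_log() {
    awk -v p="$1" -v mode="$2" '{
        fw = 0
        i = index($0, "kernel: " p)
        if (i > 0) {
            rest = substr($0, i + length("kernel: " p))
            sub(/^ /, "", rest)   # tolerate a prefix set with a trailing space
            fw = (rest ~ /^IN=/)
        }
        if ((mode == "fw") == fw) print
    }'
}

# summarize: count firewall entries per "source address, destination port".
summarize() {
    awk '{
        src = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        n[src " " dpt]++
    } END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Stand-alone run: firewall entries only, busiest source/port pair first.
sample_log | split_log "Bad packet" fw | summarize
```

Running `split_log "Bad packet" other` over the real file shows which non-firewall kernel warnings share it.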



