Re: logging iptables to a separate file?
On Wed, 2003-06-25 at 19:09, Jesse Meyer wrote:
> On Tue, 24 Jun 2003, Robert L. Harris wrote:
> > Looking at the docs for iptables you can specify log Level (auth,
> > crit, etc) but I don't see a way of specifying a "facility" such as
> > local1. I'd like to put all my iptables output logs into a specific
> > file I can dig through easier than my messages file. Messing with
> > loglevels could work but has potential to get very ugly if it makes me
> > miss important messages I need otherwise.
>
> There is probably a better way to do this, but I'm using syslog-ng,
> along with these lines added to /etc/syslog-ng/syslog-ng.conf
>
> destination iptables { file("/var/log/iptables.log" owner("root")
> group("adm") perm(0640)); };
>
> filter f_iptables { match("IN="); };
>
> log { source(src); filter(f_iptables); destination(iptables); };
>
You can use the log-level feature of iptables to set the log level.
Eg:
iptables -A INPUT -j LOG --log-level 4 --log-prefix "Bad packet"
Then you can edit your syslog.conf file and append the following line:
kern.=warning -/var/log/firewall.log
Nb. ensure you line up with tabs.
This will log all kernel logs with level 4 (warning) to the separate
file /var/log/firewall.log.
There is some chance that something else will end up in this file that
is not firewall related but was still logged by the kernel at level 4.
I don't know what though.
Regards.
Mark.
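As an added example (not code posted by anyone in this thread), the script below simulates the two routing rules discussed, the `kern.=warning` syslog.conf line from this reply and the `match("IN=")` syslog-ng filter from the quoted one, over a handful of constructed kernel-log records, and then parses the iptables LOG lines that reach the firewall file into their `KEY=VALUE` fields. The records, the `Bad packet` prefix and the addresses are made up for the example; the facility and level numbers are the syslog(3) constants (LOG_KERN = 0, LOG_WARNING = 4). It shows concretely what Mark's caveat means: a level-only rule also captures an unrelated kernel warning, while a text match on `IN=` does not.

```python
"""Separating iptables LOG output from the rest of the kernel log.

Added example for this thread, not code posted by any participant.  It
simulates the two routing rules discussed (syslog.conf's ``kern.=warning``
and syslog-ng's ``match("IN=")``) over a few constructed kernel-log records,
then parses the iptables lines that land in the firewall file.  Facility
and level numbers follow syslog(3): LOG_KERN = 0, LOG_WARNING = 4.
"""
import re

LOG_KERN = 0
LOG_DAEMON = 3
LOG_WARNING = 4
LOG_INFO = 6

# Constructed records as (facility, level, message).  The first two are in
# the shape produced by `iptables -j LOG --log-level 4 --log-prefix "Bad packet"`;
# the third is an unrelated kernel warning at the same level; the fourth is
# not a kernel message at all.
SAMPLE_RECORDS = [
    (LOG_KERN, LOG_WARNING,
     "Bad packet IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 "
     "PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=40321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0"),
    (LOG_KERN, LOG_WARNING,
     "Bad packet IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=78 TOS=0x00 "
     "PREC=0x00 TTL=64 ID=3 DF PROTO=UDP SPT=5353 DPT=5353"),
    (LOG_KERN, LOG_WARNING,
     "hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }"),
    (LOG_DAEMON, LOG_INFO,
     "sshd[1234]: Accepted publickey for admin from 192.0.2.1 port 1022"),
]

IN_FIELD = re.compile(r"\bIN=")


def route_by_level(record):
    """syslog.conf `kern.=warning  -/var/log/firewall.log`: kernel facility
    at exactly level 4, whatever the message text says."""
    facility, level, _ = record
    return facility == LOG_KERN and level == LOG_WARNING


def route_by_match(record):
    """syslog-ng `filter f_iptables { match("IN="); }`: select on the text
    instead, so the level can stay whatever the LOG target uses."""
    return IN_FIELD.search(record[2]) is not None


def parse_iptables_log(message):
    """Split an iptables LOG line into prefix, KEY=VALUE fields and bare flags.

    Returns None when the line has no IN= field, i.e. did not come from the
    LOG target.  Empty values such as OUT= are kept as ''; words without '='
    (DF, SYN, ...) are collected as flags.
    """
    m = IN_FIELD.search(message)
    if m is None:
        return None
    prefix = message[:m.start()].strip()
    fields, flags = {}, []
    for token in message[m.start():].split():
        key, sep, value = token.partition("=")
        if sep and key.isupper():
            fields.setdefault(key, value)   # UDP lines can repeat LEN=; keep the IP one
        else:
            flags.append(token)
    return {"prefix": prefix, "fields": fields, "flags": flags}


def build_firewall_log(records, router):
    """Apply one routing rule and split what it selects into parsed iptables
    entries and stray (non-iptables) messages that would also land in the file."""
    parsed, stray = [], []
    for record in records:
        if not router(record):
            continue
        entry = parse_iptables_log(record[2])
        if entry is None:
            stray.append(record[2])
        else:
            parsed.append(entry)
    return parsed, stray


def summarise(entry):
    """Compact one-line view of a parsed entry: prefix, SRC -> DST, PROTO/DPT."""
    f = entry["fields"]
    return "%s %s -> %s %s/%s" % (entry["prefix"], f.get("SRC"), f.get("DST"),
                                  f.get("PROTO"), f.get("DPT"))


if __name__ == "__main__":
    for name, router in (("kern.=warning", route_by_level), ("match(IN=)", route_by_match)):
        parsed, stray = build_firewall_log(SAMPLE_RECORDS, router)
        print("%-14s %d iptables entries, %d stray" % (name, len(parsed), len(stray)))
        for entry in parsed:
            print("   ", summarise(entry))
        for line in stray:
            print("    stray:", line)
```

Run it as a script and the `kern.=warning` pass lists the two `Bad packet` entries plus the disk warning as a stray line, while the `match(IN=)` pass lists only the two iptables entries. In practice the two can be combined in syslog-ng (select on facility and level as well as the text) so the firewall file holds nothing but LOG output and those messages are still not lost from the main kernel log.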