Re: logging with iptables

To: debian-user@lists.debian.org
Subject: Re: logging with iptables
From: Andy Smith <andy@strugglers.net>
Date: Thu, 19 Sep 2024 15:05:18 +0000
Message-id: <[🔎] Zuw9rkAO2rZF+bjT@mail.bitfolk.com>
In-reply-to: <[🔎] 0903877-501p-s6q3-rq30-38546n53r68s@cebgbaznvy.pbz>
References: <[🔎] 0903877-501p-s6q3-rq30-38546n53r68s@cebgbaznvy.pbz>

Hi,

On Thu, Sep 19, 2024 at 02:35:24PM +0000, fxkl47BF@protonmail.com wrote:
> in my iptables i have    tcp LOG flags 0 level 4 prefix "REJECT: "
> this does what i want but how to direct the logging
> it gets written to multiple file in /var/log
> syslog, messages, kern, debug
> can i restrict this to a single file

If you install a more flexible logging system than journald, such as
rsyslog or syslog-ng, you can match by regex in order to direct log
lines to different places.

I also use ulogd2 to direct iptables logging to different places. I
haven't yet written up what I do for nftables but here is soemthing
I wrote up years ago for iptables and it wasn't hard to adapt for
nftables:

    https://strugglers.net/posts/2021/keeping-firewall-logs-out-of-linuxs-kernel-log-with-ulogd2/

There are of course many other resources online for using ulogd2.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

References:
- logging with iptables
  - From: fxkl47BF@protonmail.com

Prev by Date: Re: Availability of "Debian GNU/Linux Installation Guide" for OFFLINE use
Next by Date: Brightness Control Hotkeys not working on Debian 12, Lenovo IdeaPad3
Previous by thread: logging with iptables
Next by thread: Re: logging with iptables
Index(es):
- Date
- Thread