I would like to change the location of my log information
created by iptables usage. I am running RH7.3 kernel 2.4.20, iptables v1.2.8.
I have the following in my syslog.conf file:
-----------------Cut-----------------------------------------
#Log iptables stuff to iptables log
kern.3 /var/log/iptables
-----------------Cut-----------------------------------------
And in my firewall script...
$IPTABLES -N LOG_DROP
$IPTABLES -A LOG_DROP -j LOG --log-tcp-options --log-level 3 --log-ip-options \
    --log-prefix "[IPTABLES DROP] : "
$IPTABLES -A LOG_DROP -j DROP
This does log some information to /var/log/iptables but it takes longer (about
a 2-3 minute delay) to get to that file than to /var/log/messages (which it still
logs to).
I have seen the local0 - local7 syslogd facilities but am a little unsure how
to use them. Does anybody have an idea???
Ideally, I would like to log all my iptables log to /var/log/iptables and not
to /var/log/messages at all...
Thanks
Francois.