From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of zze-KHOURY Jad FTRD/DMI/CAE
Sent: Friday, April 30, 2004 1:33 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: (no subject)
Hi,

I'm having some problems finding how to log ONLY iptables log messages to another file other than messages. So I made some changes in the "syslog.conf" file by adding: kern.warning /var/log/firewall since the default log level entry is "warning". But I still receive some messages other than the packets, from the kernel itself!

How can I limit the input messages to only Netfilter packets?

What should I change in the syslog.conf file if I don't want to receive Netfilter messages in this file?

Regards
Jad
To isolate firewall log messages into a separate or dedicated file:

By default, netfilter logs to the kern.info syslog facility. This places all the firewall log messages into /var/log/messages along with all other kernel messages. This behavior is not exceedingly friendly for firewall log parsing and analysis. However, since the Linux kernel logs very little by default at the "debug" level, there is an easy solution. Follow these steps:
1. Set logging level to "debug" in the firewall script:

       LOG_LEVEL="debug"

2. Place the LOG_LEVEL variable in rule sets for all packets to be logged:

       -j LOG --log-level $LOG_LEVEL

3. Tell syslog to log only kern.debug messages to the firewall log file:

       kern.=debug                     /var/log/iptables/iptables.log

4. Tell syslog not to place firewall messages into /var/log/messages:

       *.*;kern.!=debug                /var/log/messages

5. Restart syslog:

       /etc/init.d/syslog restart
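As an added illustration (not code from either poster), here is a small Python model of traditional sysklogd selector matching, run over the two syslog.conf lines from the reply and a few constructed sample messages; it also shows why the kern.warning line from the original question still picks up non-netfilter kernel messages.

```python
"""Model of traditional syslog.conf selector matching (sysklogd semantics).
Added example with constructed sample messages; not the posters' own code."""

# Syslog priorities from most to least severe.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LEVEL = {name: i for i, name in enumerate(PRIORITIES)}

# The two selectors from the reply above, with the files they log to.
RULES = [
    ("kern.=debug", "/var/log/iptables/iptables.log"),
    ("*.*;kern.!=debug", "/var/log/messages"),
]

def accepted_levels(selector, facility):
    """Return the set of priorities `selector` accepts for `facility`.
    Parts are separated by ';' and applied in order: a plain priority adds
    that level and everything more severe, '=' adds exactly that level,
    '!' removes instead of adding, and 'none' removes everything."""
    accepted = set()
    for part in selector.split(";"):
        facs, prio = part.rsplit(".", 1)
        fac_list = facs.split(",")
        if facility not in fac_list and "*" not in fac_list:
            continue
        negate, exact = prio.startswith("!"), "=" in prio
        name = prio.lstrip("!=")
        if name in ("*", "none"):
            levels, negate = set(PRIORITIES), negate or name == "none"
        elif exact:
            levels = {name}
        else:
            levels = set(PRIORITIES[: LEVEL[name] + 1])
        accepted = accepted - levels if negate else accepted | levels
    return accepted

def route(rules, facility, priority):
    """List the log files that receive one (facility, priority) message."""
    return [path for sel, path in rules if priority in accepted_levels(sel, facility)]

if __name__ == "__main__":
    # Constructed sample messages: one netfilter LOG line and two unrelated ones.
    sample = [
        ("kern", "debug", "IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22"),
        ("kern", "warning", "eth0: link is down"),
        ("daemon", "info", "sshd: accepted connection"),
    ]
    for fac, pri, text in sample:
        print(f"{fac}.{pri:<7} -> {route(RULES, fac, pri)}  # {text}")
    # The poster's 'kern.warning' line also catches the link-down message: a plain priority means that level and more severe.
    print(sorted(accepted_levels("kern.warning", "kern"), key=LEVEL.get))
```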