On Fri, Oct 22, 2004 at 09:40:33AM -0700, kate wrote:
> I have a firewall script that only allows
> pre-determined IP addresses to attempt logon.
> Allowable access gets logged in /var/log/secure while
> TCP rules dump all other traffic, and get LOGGED in
> /var/log/messages. - This is a Home LAN, and that's a
> lotta data !
>
> Is there a way of redirecting all this to a separate
> file? Is there a better way to deal with all this?
>
> my rules include-
>
> # LOG rules go to /var/log/messages
> iptables -A INPUT -m limit --limit 1/sec --limit-burst 3 -j \
>     LOG --log-level 4 --log-prefix "FW DROP INPUT: "
>
> thanks in advance
> kate

the most complete way to do this is to use syslog-ng as your system
logger and use its filter capabilities to send all the netfilter
messages to a dedicated file; i use something along the lines of:

  # internal() carries only syslog-ng's own messages; src must also list
  # the source that delivers kernel messages on your system
  source src { internal(); };
  filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };
  destination firewall { file("/var/log/firewall"); };
  log { source(src); filter(f_iptables); destination(firewall); };

and yes--this is all completely stolen from SuSE's config files...

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
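
Added example, not part of the original message or of SuSE's configuration: Python that applies the same test as the f_iptables filter above to constructed sample log lines and counts drops per source, protocol and destination port, as a way to check what would land in /var/log/firewall. The `kernel:` tag check stands in for facility(kern), which the file format does not record; the function names and sample data are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the classic syslog file format (not real traffic).
SAMPLE = """\
Oct 22 09:41:02 gw kernel: FW DROP INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40212 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 22 09:41:03 gw kernel: FW DROP INPUT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4712 DF PROTO=TCP SPT=40213 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 22 09:41:05 gw sshd[812]: Accepted password for kate from 192.0.2.20 port 51122 ssh2
Oct 22 09:41:09 gw kernel: FW DROP INPUT: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=78 TTL=117 ID=991 PROTO=UDP SPT=1026 DPT=137 LEN=58
Oct 22 09:41:10 gw kernel: eth0: link up
""".splitlines()

# "Mon DD HH:MM:SS host kernel: message"
TAG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ kernel: (.*)$")
KV = re.compile(r"\b([A-Z]+)=(\S*)")

def is_netfilter(line):
    """Approximate f_iptables: a kernel message containing IN= and OUT=."""
    m = TAG.match(line)
    return bool(m) and "IN=" in m.group(1) and "OUT=" in m.group(1)

def parse(line):
    """Split a netfilter LOG line into its --log-prefix and KEY=VALUE fields."""
    msg = TAG.match(line).group(1)
    fields = {"PREFIX": msg.split("IN=", 1)[0].strip()}
    for key, value in KV.findall(msg):
        fields.setdefault(key, value)  # first LEN is the IP length, keep it
    return fields

def summarize(lines):
    """Count matching lines per (SRC, PROTO, DPT)."""
    hits = Counter()
    for line in lines:
        if is_netfilter(line):
            f = parse(line)
            hits[(f.get("SRC"), f.get("PROTO"), f.get("DPT"))] += 1
    return hits

if __name__ == "__main__":
    for (src, proto, dpt), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {src:15s} {proto}/{dpt}")
```

The sshd line and the `eth0: link up` kernel line are both skipped, which is why the filter needs the IN=/OUT= matches in addition to the kernel facility.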