matt wrote:
Hi all,
Apologies if this post is more a kernel/syslog post, but from what I’ve read part of it is netfilter.
I have a Linux box that has an iptables rule -A INPUT -j LOG --log-prefix "FIREWALL:INPUT"
Which is basically my last rule, so if my other rules haven’t been matched it will log it into the syslog.
My syslog config looks like this:

    auth,authpriv.*            -/var/log/auth.log
    *.*;auth,authpriv.none     -/var/log/sys.log
    daemon.*                   -/var/log/daemon.log
    kern.*                     -/var/log/kern.log
    mail.*                     -/var/log/mail.log
    user.*                     -/var/log/user.log
    *.emerg                    *

So kernel warnings go to kern.log – mail alerts go to mail.log etc., thus keeping the actual syslog clean of anything other than core stuff. However, my syslog is getting flooded with firewall data. I’ve read in the FAQ that explains how the priority of the logging feature is used with syslog, however I was wondering if there was any way I could configure netfilter/syslog to something like this:

    kern.*                     -/var/log/kern.log
    mail.*                     -/var/log/mail.log
    user.*                     -/var/log/user.log
    netfilter.*                /var/log/firewall.log

so that once again the syslog logs only “core” data and all the general netfilter jazz goes to the firewall.log, so that should I need to I can study it, yet keeping the syslog clear.
Thanks,
Matt
Hello,
Use the ULOG (userspace logging) target and the ulogd daemon. That way you may specify logging to a particular file (supports SQL logging too).
More at: http://iptables-tutorial.frozentux.net/iptables-tutorial.html
regards, Georgi Alexandrov
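
Added example (not part of the original messages): one way to set up what the reply above describes, assuming ulogd 1.x and a kernel that provides the ULOG target. The netlink group number, the plugin directory and the status-log path are assumptions and vary by distribution; the firewall.log path and the FIREWALL:INPUT prefix are taken from the question.

```ini
# Step 1 (shell, as root): replace the final LOG rule with a ULOG rule.
# Packets are handed to netlink multicast group 1 instead of the kernel log,
# so they no longer reach syslog at all.
#
#   iptables -D INPUT -j LOG --log-prefix "FIREWALL:INPUT"
#   iptables -A INPUT -j ULOG --ulog-nlgroup 1 --ulog-prefix "FIREWALL:INPUT"
#
# Step 2: /etc/ulogd.conf (ulogd 1.x syntax)

[global]
# Must match --ulog-nlgroup in the iptables rule above.
nlgroup=1
# ulogd's own status messages (not the packet log); path is an assumption.
logfile="/var/log/ulogd.log"
loglevel=5

# Plugin directory is an assumption; check where your package installs them.
# BASE interprets the packet headers, LOGEMU writes syslog-style text lines.
plugin="/usr/lib/ulogd/ulogd_BASE.so"
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"

[LOGEMU]
# Destination file requested in the question.
file="/var/log/firewall.log"
# Flush after every line so the file is current when you read it.
sync=1
```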