On Thursday, 20 April 2006 08:38, robee wrote:
> When I use the -j LOG target, netfilter writes so much information to syslog.
> What can I use to write only the IN and OUT interface, SRC and DST host?

Get syslog-ng up && running.

Create a filter to match only the entries you are interested in ( iptables --log-prefix "something-unique" + a filter { } definition in syslog-ng.conf ).

Try to catch this "prefix" and direct it into a pipe ( you can feed some SQL backend with it, or write a small daemon/script that will read this pipe line by line and extract the information that you want to store/are interested in ).

Also try NOT to log netfilter messages into messages/kernel and so on ( performance reasons ). This can be achieved by using "not match(somestring)" in the log {} section.

-- 
Jakub Wartak
-vnull
The abstract sexuality of Konstanty's chelicerae.
http://vnull.pcnet.com.pl/
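The "small daemon/script" that reads the pipe line by line could look like the following; this is an added example, not code from the original post. The prefix "FW-LOG: ", the FIFO path argument and the sample log lines are assumptions constructed for illustration.

```python
import re
import sys

# Assumption: rules log with  iptables ... -j LOG --log-prefix "FW-LOG: "
LOG_PREFIX = "FW-LOG: "
WANTED = ("IN", "OUT", "SRC", "DST")
# The LOG target emits KEY=value tokens; a value may be empty (e.g. "OUT=").
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE = [
    "Apr 20 08:40:01 gw kernel: FW-LOG: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 "
    "DST=198.51.100.5 LEN=60 TOS=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40000 DPT=22",
    "Apr 20 08:40:02 gw kernel: FW-LOG: IN=eth1 OUT=eth0 SRC=10.0.0.7 "
    "DST=203.0.113.9 LEN=84 TOS=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0",
    "Apr 20 08:40:03 gw kernel: eth0: link up",
]


def parse_line(line):
    """Return IN/OUT/SRC/DST of a prefixed netfilter line, or None."""
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None  # not one of our firewall entries
    fields = {}
    # Parse only what follows the prefix; keep the first occurrence of each
    # key, because ICMP errors repeat SRC=/DST= for the embedded packet.
    for key, value in KV_RE.findall(line[idx + len(LOG_PREFIX):]):
        if key in WANTED and key not in fields:
            fields[key] = value
    if "SRC" not in fields or "DST" not in fields:
        return None  # truncated or malformed entry
    return {k: fields.get(k, "") for k in WANTED}


def follow(stream):
    """Yield one compact line per matching entry read from stream."""
    for line in stream:
        entry = parse_line(line)
        if entry:
            yield "IN={IN} OUT={OUT} SRC={SRC} DST={DST}".format(**entry)


if __name__ == "__main__":
    # With an argument, read the FIFO that syslog-ng writes to; otherwise demo.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for out in follow(source):
        print(out, flush=True)
```

Opening the FIFO blocks until syslog-ng opens it for writing, and the loop ends when the writer closes it, so a long-running reader would reopen the pipe in an outer loop.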