10/14

Hello,

I needed to send my syslog from 192.16.1.10 (firewall/GW) to 192.168.1.3, the logserver. The syslogging worked. But since I am monitoring all connections going to the internal network (eth0) from outside, the log was filled with the syslog connections from the gateway to the logserver. So I gave 2 rules to help me with that:

To log the syslog traffic (just testing syslog)
#$IPTABLES -A OUTPUT -o eth0 -p udp -s 192.168.1.10/32 --source-port 514 -d 192.168.1.3/32 --destination-port 514 -m limit --limit 15/minute --limit-burst 10 -j LOG --log-prefix "Syslog traffictoTest: "

# Log packets going to 192.168.1.0 (Rule I really need to log inbound traffic)
#$IPTABLES -A OUTPUT -o eth0 -p udp --destination-port ! 514 -m limit --limit 1/second --limit-burst 10 -j LOG --log-prefix "Output packetsToTest: "
# Log packets entering testnet except udp 514 for syslog

----------------
The Problem:
-----------------
Only the syslog traffic is received. I lost all logging of inbound traffic.

I would appreciate some help on this.

Thanks.
Menon
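An added example, not part of the original post: a small Python model of the match criteria of the two rules as posted (assumed to be active, rate limits left out), run over constructed packets. It relies on two netfilter facts: the OUTPUT chain only sees packets generated by the firewall itself, while routed packets traverse FORWARD, and `-p udp` excludes TCP. The addresses 192.168.1.5, 192.168.1.20 and 203.0.113.7 are made up for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    chain: str   # netfilter chain the packet traverses: INPUT, OUTPUT or FORWARD
    proto: str
    out_if: str
    src: str
    sport: int
    dst: str
    dport: int

def rule_syslog(p):
    # -A OUTPUT -o eth0 -p udp -s 192.168.1.10 --sport 514 -d 192.168.1.3 --dport 514
    return (p.chain == "OUTPUT" and p.out_if == "eth0" and p.proto == "udp"
            and p.src == "192.168.1.10" and p.sport == 514
            and p.dst == "192.168.1.3" and p.dport == 514)

def rule_other(p):
    # -A OUTPUT -o eth0 -p udp --destination-port ! 514
    return (p.chain == "OUTPUT" and p.out_if == "eth0" and p.proto == "udp"
            and p.dport != 514)

RULES = [("Syslog traffictoTest: ", rule_syslog),
         ("Output packetsToTest: ", rule_other)]

def log_prefixes(p):
    """Prefixes of every rule that logs p; LOG does not stop chain traversal."""
    return [prefix for prefix, match in RULES if match(p)]

# Constructed sample packets (not taken from the post).
SAMPLES = {
    "gateway syslog to logserver":
        Packet("OUTPUT", "udp", "eth0", "192.168.1.10", 514, "192.168.1.3", 514),
    "gateway UDP to internal host":
        Packet("OUTPUT", "udp", "eth0", "192.168.1.10", 40000, "192.168.1.5", 53),
    "gateway TCP to internal host":
        Packet("OUTPUT", "tcp", "eth0", "192.168.1.10", 40001, "192.168.1.20", 22),
    "outside TCP routed to internal host":
        Packet("FORWARD", "tcp", "eth0", "203.0.113.7", 51000, "192.168.1.20", 22),
    "outside UDP routed to internal host":
        Packet("FORWARD", "udp", "eth0", "203.0.113.7", 51001, "192.168.1.20", 53),
}

def report():
    return {name: log_prefixes(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:38} -> {hits or 'not logged'}")
```

In this model only UDP packets generated on the gateway are ever logged; routed traffic from outside and all TCP match neither rule.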