On Wed, 19 Mar 2003 at 11:38am (-0800), Randall J. Parr wrote:

> I have been trying to find some means to redirect the iptables log
> messages to a file other than /var/log/messages.
>
> One option recommended is using syslog-ng which allows redirection based
> on regular expressions.
>
> Does anyone have any ideas and/or experience using the syslog-ng package
> with Red Hat 8.x ?
>

I'm a big fan of syslog-ng... its filtering rules are much more flexible.
For instance I use it to do exactly what you're doing and write
ipchains/iptables stuff to /var/log/firewall....

    destination d_firewall { file("/var/log/firewall"); };
    filter f_firewall { facility(kern) and match('Packet log:') or match('kernel: IN='); };
    log { source(s_sys); filter(f_firewall); destination(d_firewall); };

... it can be used as a full replacement for sysklogd but I don't know how
'drop in' the available RPMs are. It's prolly worth checking them out.

That aside.. it is possible to do something similar although not as precise
using regular sysklogd....

    # Log anything (except kernel.info or mail) of level info or higher.
    *.info;kern.!=info;mail.none        /var/log/messages

    # Log kernel.info (iptables messages mostly) to a separate file.
    kern.=info                          /var/log/kernel

... just remember to update /etc/logrotate.d/syslog with any new log files
you might create.

... I use both of these methods on various machines depending on how long
ago I built them. :)

M.

--
WebCentral Pty Ltd              Australia's #1 Internet Web Hosting Company
Level 5, 100 Wickham St.        Network Operations - Systems Engineer
PO Box 930, Fortitude Valley.   phone: +61 7 3249 2552
Queensland, Australia 4006.     pgp key id: 0x900E515F
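The sysklogd selectors from the reply above, evaluated against a few facility/priority pairs (an added example, not part of the original post). The helpers `selector_matches` and `route` are hypothetical names, they model the selector rules in syslog.conf(5) with the kernel facility written as `kern`, and the sample messages are constructed.

```python
# Added example: models sysklogd selector semantics from syslog.conf(5).
PRIOS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The two selector lines from the reply, paired with their destinations.
RULES = [
    ("*.info;kern.!=info;mail.none", "/var/log/messages"),
    ("kern.=info", "/var/log/kernel"),
]

def selector_matches(selectors, facility, priority):
    """True if facility.priority is selected by a ';'-separated selector
    list. Entries are applied left to right; later ones override earlier."""
    level = PRIOS.index(priority)          # 0 = emerg (highest), 7 = debug
    selected = False
    for sel in selectors.split(";"):
        facs, prio = sel.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue                       # selector is for another facility
        if prio == "none":                 # 'none' drops the whole facility
            selected = False
            continue
        negate = prio.startswith("!")      # '!' excludes instead of includes
        prio = prio.lstrip("!")
        exact = prio.startswith("=")       # '=' means this priority only
        prio = prio.lstrip("=")
        if prio == "*":
            hit = True
        elif exact:
            hit = level == PRIOS.index(prio)
        else:
            hit = level <= PRIOS.index(prio)   # this priority or higher
        if hit:
            selected = not negate
    return selected

def route(facility, priority):
    """Return every destination file that receives the message."""
    return [dest for sel, dest in RULES
            if selector_matches(sel, facility, priority)]

if __name__ == "__main__":
    samples = [  # constructed messages, not captured logs
        ("kern", "info", "IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22"),
        ("kern", "warning", "IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=23"),
        ("kern", "info", "eth0: link up, 100Mbps, full-duplex"),
        ("mail", "err", "sendmail: connection refused"),
    ]
    for fac, prio, msg in samples:
        print(f"{fac}.{prio:<8} -> {route(fac, prio) or ['(dropped)']}  {msg}")
```

Because the split is purely by facility and priority, a firewall message logged at `warning` stays in /var/log/messages, while unrelated `kern.info` messages share /var/log/kernel with the firewall entries.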