Re: Logging IPTables to file using syslogd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




First, create a new file in the location you want the logs to go.  

touch /var/log/newfile
(you don't want normal users looking at this file so you change the perms.

chmod 600 /var/log/newfile

Add the new file to /etc/syslog.conf

kern.*			-/var/log/newfile

refresh syslog to read the new settings.

kill -HUP `cat /var/run/syslogd.pid`

or just restart it altogether.

Check your new file to see if it is collecting the firewall logs.

tail /var/log/newfile

or

tail -f /var/log/newfile (for real-time viewing)

Hope this helps.  Let us know if you have more questions.

On Wed, 19 Jun 2002, Pyuesh Daya wrote:

> 
> Hi Guys
> 
> I have an iptables firewall, and i am looking at logging on the firewall logs into the seperate file using syslogd, at present moment, it is being logged to the messages file and and file call firewall.  My syslod.conf file is as follows : 
> 
> kern.*                          -/var/log/firewall
> *.err;authpriv.none             /dev/tty10
> *.err;authpriv.none             |/dev/xconsole
> *.emerg                          *
> 
> 
> 
> mail.*                          -/var/log/mail
> 
> news.crit                       -/var/log/news/news.crit
> news.err                        -/var/log/news/news.err
> news.notice                     -/var/log/news/news.notice
> 
> *.=warn;*.=err                  -/var/log/warn
> *.crit                           /var/log/warn
> 
> *.*;mail.none;news.none         -/var/log/messages
> 
> 
> local0,local1.*                 -/var/log/localmessages
> local2,local3.*                 -/var/log/localmessages
> local4,local5.*                 -/var/log/localmessages
> local6,local7.*                 -/var/log/localmessages
> 
> 
> How do I change this so the logging is done to seperate files.
> 

-- 
duane

Fun reading...well for some.  8-)
http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html
http://www.linuxsecurity.com/feature_stories/feature_story-89.html
http://www.linuxsecurity.com/feature_stories/feature_story-88.html

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux