First, create a new file in the location you want the logs to go. touch /var/log/newfile (you don't want normal users looking at this file so you change the perms. chmod 600 /var/log/newfile Add the new file to /etc/syslog.conf kern.* -/var/log/newfile refresh syslog to read the new settings. kill -HUP `cat /var/run/syslogd.pid` or just restart it altogether. Check your new file to see if it is collecting the firewall logs. tail /var/log/newfile or tail -f /var/log/newfile (for real-time viewing) Hope this helps. Let us know if you have more questions. On Wed, 19 Jun 2002, Pyuesh Daya wrote: > > Hi Guys > > I have an iptables firewall, and i am looking at logging on the firewall logs into the seperate file using syslogd, at present moment, it is being logged to the messages file and and file call firewall. My syslod.conf file is as follows : > > kern.* -/var/log/firewall > *.err;authpriv.none /dev/tty10 > *.err;authpriv.none |/dev/xconsole > *.emerg * > > > > mail.* -/var/log/mail > > news.crit -/var/log/news/news.crit > news.err -/var/log/news/news.err > news.notice -/var/log/news/news.notice > > *.=warn;*.=err -/var/log/warn > *.crit /var/log/warn > > *.*;mail.none;news.none -/var/log/messages > > > local0,local1.* -/var/log/localmessages > local2,local3.* -/var/log/localmessages > local4,local5.* -/var/log/localmessages > local6,local7.* -/var/log/localmessages > > > How do I change this so the logging is done to seperate files. > -- duane Fun reading...well for some. 8-) http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html http://www.linuxsecurity.com/feature_stories/feature_story-89.html http://www.linuxsecurity.com/feature_stories/feature_story-88.html ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
