Iptables logging

jludwig wralphie at comcast.net
Sat Jul 10 00:49:33 UTC 2004


On Fri, 2004-07-09 at 16:12, Edwin Dicker wrote:
> Hi All,
> 
> On my Iptables firewall some packets get logged to /var/log/messages.
> The messages file is getting unreadable with all this iptables logging and
> I am looking for a better way to log these messages.
> Since these are kernel messages my thought went to the syslog.conf file and
> I configured that all kern.warn events should be logged to /var/log/firewall
> (so they don't mess up my messages file). After doing this it looks like
> only half of the messages get logged in /var/log/firewall and the other
> half still get logged to /var/log/messages.
> 
> Are there different types of severity concerning iptables logging?
> Has someone got a better idea to prevent messing up the messages file?
> 
> Tia,
> Edwin

It seems on every system there are log levels that are not used. On my
system these are notice and warn, so I set my iptables and syslog.conf
like this:

1) For /etc/syslog.conf I added these

# Log general networking info

*.notice                                                /var/log/networking
*.warn                                                  /var/log/firewall

# Log cron stuff


2) For iptables 

$IPTABLES -A INPUT -i $IF0 -s 192.168.xx.xx/32 -d 0/0 -m state --state \! $ER \
    -j LOG --log-level notice --log-prefix "Spoof Attempt"
-- 
jludwig <wralphie at comcast.net>
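
Added example, not part of the original posts: a simplified Python model of how syslog.conf selectors route a kernel message by priority, run against the selectors quoted in this thread. The /var/log/messages rule and the EXACT rule set are assumptions, not taken from either poster's system.

```python
# Added example: simplified model of sysklogd selector matching (not the real parser).
# Covers "*", comma-separated facilities, "pri" (that level and more severe),
# "=pri" (exactly that level) and "none"; the "!" negation is not modelled.
PRI = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
       "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

def selector_matches(selector, facility, priority):
    """Evaluate one selector field; parts after ';' add to or reset earlier ones."""
    matched = False
    for part in selector.split(";"):
        facs, _, pri = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if pri == "none":
            matched = False
        elif pri == "*":
            matched = True
        elif pri.startswith("="):
            matched = matched or PRI[priority] == PRI[pri[1:]]
        else:  # lower number = more severe, so "warn" also takes err, crit, ...
            matched = matched or PRI[priority] <= PRI[pri]
    return matched

def destinations(rules, facility, priority):
    """Return every log file whose selector accepts the message."""
    return [path for sel, path in rules if selector_matches(sel, facility, priority)]

# Constructed rule sets. The /var/log/messages line is an assumed distribution default.
MESSAGES = ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages")
QUESTION = [MESSAGES, ("kern.warn", "/var/log/firewall")]
REPLY = [MESSAGES, ("*.notice", "/var/log/networking"), ("*.warn", "/var/log/firewall")]
# Assumed variant: exact-level match, kernel facility kept out of messages.
EXACT = [("*.info;kern.none;mail.none;authpriv.none;cron.none", "/var/log/messages"),
         ("kern.=notice", "/var/log/networking"), ("kern.=warn", "/var/log/firewall")]

if __name__ == "__main__":
    for name, rules in (("question", QUESTION), ("reply", REPLY), ("exact", EXACT)):
        for level in ("warn", "notice", "info"):
            print(f"{name:8} kern.{level:6} -> {destinations(rules, 'kern', level)}")
```

In the EXACT variant, kern.none keeps every kernel message out of /var/log/messages, not only the iptables ones.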




