Iptables logging
jludwig
wralphie at comcast.net
Sat Jul 10 00:49:33 UTC 2004
On Fri, 2004-07-09 at 16:12, Edwin Dicker wrote:
> Hi All,
>
> On my Iptables firewall some packets get logged to /var/log/messages.
> The messages file is getting unreadable with all this iptables logging and
> I am looking for a better way to log these messages.
> Since these are kernel messages my thought went to the syslog.conf file and
> I configured that all kern.warn events should be logged to /var/log/firewall
> (so they don't mess up my messages file). After doing this it looks like
> only half of the messages get logged in /var/log/firewall and the other
> half still gets logged to /var/log/messages.
>
> Are there different types of severity concerning iptables logging?
> Has someone got a better idea to prevent messing up the messages file?
>
> Tia,
> Edwin
It seems on every system there are log levels that are not used. On my
system these are notice and warn so I set my iptables and syslog.conf
like this:

1) For /etc/syslog.conf I added these:

# Log general networking info
*.notice                /var/log/networking
*.warn                  /var/log/firewall
# Log cron stuff

2) For iptables:

$IPTABLES -A INPUT -i $IF0 -s 192.168.xx.xx/32 -d 0/0 -m state --state \! $ER -j LOG --log-level notice --log-prefix "Spoof Attempt"
--
jludwig <wralphie at comcast.net>
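
As an added illustration (not part of the thread or of either poster's configuration), this Python sketch models how sysklogd evaluates syslog.conf selectors and reports which files a kern.notice line from the LOG rule above lands in. The /var/log/messages rule and the narrowed kern.=notice variant are assumptions, not settings shown in the thread.

```python
# Added example: a small model of sysklogd selector matching (syslog.conf(5)).
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def level_set(spec):
    """Priorities named by a spec such as 'notice', '=notice' or '*'."""
    if spec == "*":
        return set(LEVELS)
    exact = spec.startswith("=")          # '=' means this priority only
    name = spec.lstrip("=")
    idx = LEVELS.index(ALIASES.get(name, name))
    return {LEVELS[idx]} if exact else set(LEVELS[idx:])  # default: and higher

def selector_matches(selector, facility, priority):
    """Apply each ';'-separated part in order, as syslogd builds its mask."""
    priority = ALIASES.get(priority, priority)
    selected = set()
    for part in selector.split(";"):
        facs, spec = part.strip().rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue                      # part is about another facility
        if spec == "none":
            selected.clear()              # exclude this facility entirely
        elif spec.startswith("!"):
            selected -= level_set(spec[1:])
        else:
            selected |= level_set(spec)
    return priority in selected

def route(rules, facility, priority):
    """Return every log file whose selector matches the message."""
    return [path for sel, path in rules
            if selector_matches(sel, facility, priority)]

# Assumed /var/log/messages rule (not shown in the post) plus the reply's rules.
MESSAGES = "*.info;mail.none;authpriv.none;cron.none"
REPLY_RULES = [(MESSAGES, "/var/log/messages"),
               ("*.notice", "/var/log/networking"),
               ("*.warn", "/var/log/firewall")]
# Hypothetical narrowed variant: only kernel messages at exactly notice.
NARROW_RULES = [(MESSAGES + ";kern.!=notice", "/var/log/messages"),
                ("kern.=notice", "/var/log/networking")]

if __name__ == "__main__":
    for name, rules in (("reply", REPLY_RULES), ("narrow", NARROW_RULES)):
        for fac, pri in (("kern", "notice"), ("kern", "warn"), ("daemon", "notice")):
            print(name, f"{fac}.{pri}", "->", route(rules, fac, pri))
```

In this model a selector without "=" matches its priority and everything above it, and a rule only keeps a message out of another file when that file's own selector excludes it.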