Fwd: IPtables logs, coming to *tty and in dmesg

Rick Stevens ricks at nerd.com
Fri Apr 10 17:16:57 UTC 2009

alok pandey wrote:
> I have configured iptables to log all incoming packets in a separate file at
> the /var/log location, which is working fine, but the problem is:
> --The logs are displayed on all terminals and in dmesg, along with the actual file
> (i.e. /var/log/firewall.log).
> My syslog contains:
> ##DUMP FIREWALL LOG : Added by Firewall Script
> kern.warn /var/log/firewall.log
> kern.info /var/log/firewall.log

Why two?  Are you using two different levels of logging in iptables?

> kern.none  /dev/console
> After googling around, I tried to fix this by changing the
> /proc/sys/kernel/printk value.
> FYI, my system's current printk value is "3 4 1 7".
> I have no idea what these values stand for, but it's not able to solve my
> dmesg problem.

Unless you know what you're doing, don't screw with things in /proc.
Bad idea.

By default, klogd (the kernel logger) will send any message that has a
priority lower than 7 (DEBUG) to the console and that's why your stuff
is appearing.  If you change your iptables logging to "--log-level=7",
change the /etc/syslog.conf to

	kern.debug	/var/log/firewall.log

and restart the kernel and system loggers ("service syslog restart"),
you should be fine.  If you want to change the level at which klogd
starts sending things to the console, edit /etc/sysconfig/syslog and
add "-c n" to the "KLOGD_OPTIONS" line, e.g.

	KLOGD_OPTIONS="-x -c 5"

This will make klogd only send messages lower than priority 5
(LOG_NOTICE) to the console.
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- A friend said he climbed to the top of Mount Rainier.  My view is  -
-    that if there's no elevator, it must not be that interesting.   -
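The following is an added example, not code from the thread above: a small model of the routing rules Rick describes (syslog(3) priority numbers, syslog.conf(5) selector matching where a later selector on a line overrides an earlier one for the same facility, and klogd's "-c N" console threshold as stated in the reply), so a change can be checked before editing live configs. The sample syslog.conf fragments are constructed to mirror the ones quoted in the thread; the kernel ring buffer that dmesg reads is not modelled.

```python
# Added example (not from the original thread). Priority numbers follow
# syslog(3); selector handling follows syslog.conf(5); the klogd "-c N"
# console rule is as the reply describes it (forward priorities numerically
# below N). The kernel ring buffer (dmesg) is not modelled.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

def prio_num(name):
    """Numeric syslog priority, 0 = most severe, 7 = debug."""
    return PRIORITIES.index(ALIASES.get(name, name))

def line_matches(selector, facility, priority):
    """True if a selector such as 'kern.warn;mail.none' accepts a message of
    this facility and numeric priority. Later selectors override earlier ones."""
    matched = False
    for sel in selector.split(";"):
        facs, level = sel.rsplit(".", 1)
        facs = facs.split(",")
        if facility not in facs and "*" not in facs:
            continue
        if level == "none":
            matched = False
        elif level == "*":
            matched = True
        else:
            matched = priority <= prio_num(level)
    return matched

def route(iptables_level, syslog_conf, klogd_console_level):
    """Where an iptables LOG message ends up: returns (on_console, targets).
    iptables_level is --log-level as a number or name; klogd_console_level is
    the N from 'klogd -c N'."""
    prio = iptables_level if isinstance(iptables_level, int) else prio_num(iptables_level)
    targets = []
    for raw in syslog_conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector, target = line.split(None, 1)
        if line_matches(selector, "kern", prio):
            targets.append(target.strip())
    on_console = prio < klogd_console_level or "/dev/console" in targets
    return on_console, targets

# Constructed configs: the poster's lines, then the reply's suggested line.
BEFORE = "kern.warn\t/var/log/firewall.log\nkern.info\t/var/log/firewall.log\nkern.none\t/dev/console\n"
AFTER = "kern.debug\t/var/log/firewall.log\n"

if __name__ == "__main__":
    # iptables LOG defaults to --log-level warning; klogd default threshold 7
    print("before:", route("warning", BEFORE, 7))
    print("after: ", route(7, AFTER, 5))
```

With the reply's settings (`--log-level=7`, `kern.debug` routed to the file, `klogd -c 5`) the model reports no console output and a single file target; with the original configuration it reports the console hit and the double file entry that prompted the "Why two?" question.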
