Old 04-15-2006, 05:10 PM   #1
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 546

Rep: Reputation: 30
Firewall and router separate logs


I would like to sort out a central syslog server in my LAN, and I did not find in any of my books (they aren't that many ...) or on Google decent guides to syslog facilities, especially local0 ... local7, and how I can direct a program to write to them. I have a Debian sarge 3.1 2.6, and I have put a -r option in /etc/init.d/sysklog to make it act on the net and get logs sent by the front router. I have chosen the facility local2.*, belonging to Cisco routers; I have a Netgear and its log is /var/log/netgear.log, but it stays empty. Separate logs for netfilter too: I read somewhere that to have separate netfilter logs I have to put this "kern.=debug /var/log/firewall" in /etc/syslog.conf, and it stays empty as well. Please help!
Ciao!

Last edited by gabsik; 04-15-2006 at 05:17 PM.
 
Old 04-16-2006, 01:57 PM   #2
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Looks like you are on the right track. Below is a copy/paste from my syslog.conf file.
NOTE: local2.none in second part. This keeps local2 events from logging in both files.

Code:
# Firewall logs at local2
local2.*                                                /var/log/firewall.log

# Log anything (except mail,local2) of level info
# or higher. Don't log private authentication messages!
*.info;mail.none;local2.none;authpriv.none;cron.none    /var/log/messages
Obviously, the above requires the device sending log events to be configured to log at facility local2.
 
Old 04-17-2006, 02:53 PM   #3
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 546

Original Poster
Rep: Reputation: 30
Yes, I'm getting the logs I need, but I have a messy syslog.conf now. For firewall logs I'm using the ULOG target and pointed logcheck to send me a ULOGD report. The router is seeing the syslog server and sends reports regularly. As I said, I have a messy syslog.conf:
kern.=debug /var/log/firewall
kern.warning /var/log/firewall
kern.* -/var/log/firewall

Which is the right firewall one?
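
How the selector lines quoted in posts #2 and #3 behave, as an added example that is not part of any post in the thread: a small Python model of sysklogd's documented selector rules (a plain priority matches that level and anything more severe, "=" matches one level only, "none" drops the facility, ";" parts are applied left to right). The function names and the PRI values fed in are constructed for illustration.

```python
# Added example: a model of sysklogd selector matching, not sysklogd's own code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", None, None, None, None,
              *[f"local{i}" for i in range(8)]]
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(pri):
    """Split a syslog <PRI> value into names: PRI = facility * 8 + priority."""
    return FACILITIES[pri >> 3], PRIORITIES[pri & 7]

def selector_matches(selector, facility, priority):
    """Evaluate one syslog.conf selector such as '*.info;mail.none;local2.none'."""
    level, matched = PRIORITIES.index(priority), False
    for part in selector.split(";"):          # later parts override earlier ones
        facs, spec = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue                          # part does not mention this facility
        if spec == "none":
            matched = False
            continue
        negate, spec = spec.startswith("!"), spec.lstrip("!")
        exact, spec = spec.startswith("="), spec.lstrip("=")
        if spec == "*":
            hit = True
        elif exact:                           # '=debug': that level only
            hit = level == PRIORITIES.index(spec)
        else:                                 # 'warning': warning or more severe
            hit = level <= PRIORITIES.index(spec)
        matched = (matched and not hit) if negate else (matched or hit)
    return matched

def matching_rules(conf, pri):
    """Return (selector, file) for every rule in conf that a message with this PRI hits."""
    facility, priority = decode_pri(pri)
    hits = []
    for line in conf.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            selector, target = line.split(None, 1)
            if selector_matches(selector, facility, priority):
                hits.append((selector, target.strip().lstrip("-")))
    return hits

# Rule lines copied from posts #2 and #3.
POST2 = ("local2.*  /var/log/firewall.log\n"
         "*.info;mail.none;local2.none;authpriv.none;cron.none  /var/log/messages")
POST3 = ("kern.=debug /var/log/firewall\nkern.warning /var/log/firewall\n"
         "kern.* -/var/log/firewall")

if __name__ == "__main__":
    for pri in (4, 7, 150):   # constructed: kern.warning, kern.debug, local2.info
        print(decode_pri(pri), matching_rules(POST3, pri), matching_rules(POST2, pri))
```

Run as a script, it prints which of the three kern lines fire for a warning-level and a debug-level kernel message, and shows a local2 message landing only in /var/log/firewall.log under the post #2 rules.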
 
  


All times are GMT -5.