Hi all,

Im having problems logging iptables,

the rule i'm testing with :
LOG icmp -- anywhere anywhere LOG level debug

When I do all kinds of icmp stuff I can't seem to find any of them in my logs, i went to /var/log did a cat * and grepped on all sorts of stuff, nothing in these logs about iptables ...

I think it's my syslog.conf and the log-level (I can't find info bout' log level's as well).

can someone have a look at this and help me out ?

I also did following : dmesg -n 1

cause all my logs where popping up in my consoles...




root@Khufu:/var/log# cat /etc/syslog.conf
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.

#
# First some standard logfiles. Log by facility.
#

auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err

# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice

#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.crit;news.err;news.notice;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole


Could someone gimme some info about those log levels ? info, warn etc... ?


thx for having a look !

Since the iptables log messages are set at the debug log level, it looks like you should have them going to /var/log/debug as well as /var/log/kern.log. Anything in there? Keep in mind that iptables log messages don't actually say iptables in them, in fact they look like this:

Oct 18 01:35:23 hostname kernel: IN=eth0 OUT= MAC=00:30:4c:d0:42:49:10:0d:88:11:81:a4:08:00 SRC=192.168.2.55 DST=192.168.2.11 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=

You might also want to remove debug from the list of log level priorities that are going to the console (see the last section of syslog.conf.