LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 12-23-2003, 01:25 PM   #1
linuxboy69
Member
 
Registered: Oct 2003
Distribution: Redhat 9
Posts: 138

Rep: Reputation: 15
Change path of log files


I am using the log option on my firewall rules so that I can see what packets are getting rejected and dropped etc... The problem I am having is that it is putting it into my /var/log/messages file which also contains some other important logs. For example my dns shut down last night and I want to find out what time but the /var/log/messages file is flooded with firewall rule logs. How can I change the directory where the firewall rules go??
 
Old 12-23-2003, 01:45 PM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Take a look at syslogd.

This is the most important file you need to edit:
/etc/syslog.conf

Do read the man page before you start editing (make a copy, be safe).
 
Old 12-23-2003, 01:57 PM   #3
linuxboy69
Member
 
Registered: Oct 2003
Distribution: Redhat 9
Posts: 138

Original Poster
Rep: Reputation: 15
Thank you for replying!!

I looked at the syslog.conf file and it says that *.info is going to /var/log/messages. What would be the .info for iptables logs or the .info for the service logs.

For example I know that mail.info is for the mail messages.
 
Old 12-23-2003, 02:15 PM   #4
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
I really don't know what it is you have running on your box, so this next part is general.

First of all: You really need to read the manpages:
- man 8 syslogd
- man 5 syslog.conf

These are the 'common' facilities: auth, authpriv, cron, daemon, kern, lpr, mail, mark,news, security, syslog, user, uucp and local0 through local7

Common is a bit strong, but there are others. You might have noticed the missing ftp, which can also be a facility.

2 examples:

Give all 8 priorities for the kern facility its own logfile:

kern.emerg -/var/log/kern/kern.7_emergency
kern.alert;kern.!emerg -/var/log/kern/kern.6_alert
kern.crit;kern.!alert -/var/log/kern/kern.5_critical
kern.err;kern.!crit -/var/log/kern/kern.4_error
kern.warning;kern.!err -/var/log/kern/kern.3_warning
kern.notice;kern.!warning -/var/log/kern/kern.2_notice
kern.info;kern.!notice -/var/log/kern/kern.1_info
kern.debug;kern.!info -/var/log/kern/kern.0_debug

Give all 8 priorities for all facilities, except mail, news and ftp its own logfile:

*.emerg;mail,news,ftp.none -/var/log/log.7_emergency
*.alert;*.!emerg;mail,news,ftp.none -/var/log/log.6_alert
*.crit;*.!alert;mail,news,ftp.none -/var/log/log.5_critical
*.err;*.!crit;mail,news,ftp.none -/var/log/log.4_error
*.warning;*.!err;mail,news,ftp.none -/var/log/log.3_warning
*.notice;*.!warning;mail,news,ftp.none -/var/log/log.2_notice
*.info;*.!notice;mail,news,ftp.none -/var/log/log.1_info
*.debug;*.!info;mail,news,ftp.none -/var/log/log.0_debug

Like I said before: I don't know what you have running and how it is logged.
I do have a handy script that will log a short test message to 'all' priorities and facilities. It might help you to figure out where things are logged and if this is the way you want it.
Code:
#!/bin/bash
#----------------------------------------------------------------------------#
# Check syslog facilities and priorities
#------------------------------------------------------------------#
# Variables

PROG=`basename "$0"`
FACILITIES='auth authpriv cron daemon ftp kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7'
PRIORITIES='emerg alert crit err warning notice info debug'

#------------------------------------------------------------------#
# Main

for FACIL in $FACILITIES
do
  for PRIO in $PRIORITIES
  do
    logger -p $FACIL.$PRIO "$PROG[$$]: Testing syslogd/syslog.conf $FACIL.$PRIO"
  done
done

#----------------------------------------------------------------------------#
# End
 
1 members found this post helpful.
Old 12-23-2003, 02:17 PM   #5
Technoslave
Member
 
Registered: Dec 2003
Location: Northern VA
Posts: 493

Rep: Reputation: 30
You should also read up on man iptables and do a search for LOG

You'll use that in conjuction with syslog to output logs to where you need them to be.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
keep change in PATH alchem Linux - Newbie 11 08-28-2005 05:08 PM
Deleted /var/log/messages, can't log any files-iptables chingyenccy Linux - Newbie 7 02-27-2005 05:03 PM
How do I change PATH? trotsky Linux - Software 4 12-28-2004 02:08 PM
How do i change the $PATH explorer Fedora 6 10-24-2004 04:21 AM
Can log files be time stamped? (such as FTP login and transfer log files) bripage Linux - Networking 6 08-08-2002 11:55 PM


All times are GMT -5. The time now is 05:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration