LinuxQuestions.org
03-26-2008, 12:36 PM   #1
nekkutta
LQ Newbie
 
Registered: Feb 2008
Distribution: Slackware 12
Posts: 22
syslog.conf rule for iptables


I was wondering if there is a way to place all the iptables LOG entries into a separate log file through the syslog.conf.

Needless to say, my rc.firewall is overloading my syslog with entries... I guess I could comment out some of the LOG rules, but I have a feeling that they are there for a reason, since I used a script for my rc.firewall that I got from here. I just wanted to know if there is a way to keep everything nice and tidy, or am I going to get to the point where I hate my syslog?

nekkutta
 
03-26-2008, 01:35 PM   #2
colucix
Moderator
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,453
Quote:
Originally Posted by nekkutta
I was wondering if there is a way to place all the iptables LOG entries into a separate log file through the syslog.conf

Yes, there is. Iptables logs use the kernel facility, so you have to assign a log level to the iptables log and then add a new entry to the /etc/syslog.conf file. In detail:

1. Assign a log-level 7 to the iptables LOG. Log level 7 corresponds to "debug" and since the kernel spits out very few messages at debug level, your logfile will be populated almost entirely by the iptables logs. If your firewall script does not explicitly assign a log-level to the LOG entries, you can add the option
Code:
--log-level 7
to the relevant lines (the ones with -j LOG). Then restart the firewall service to update the iptables.

2. Add to the /etc/syslog.conf file the following entry
Code:
kern.=debug            /var/log/iptables.log
This will tell syslog to log messages from the kernel only at debug priority into the file /var/log/iptables.log (choose the name you want for the logfile). Of course, check that an entry like kern.debug or kern.=debug does not already exist in your /etc/syslog.conf.

3. Restart the syslog daemon. At this point the logfile will be created and will start to be populated.
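
An added example, not part of the posts above: two pre-flight checks for steps 1 and 2, one listing the -j LOG rules in a firewall script that still lack --log-level 7, the other listing syslog.conf lines that already name kern.debug or kern.=debug. The function names and the sample file contents are constructed for illustration; point the functions at your own rc.firewall and /etc/syslog.conf.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for steps 1 and 2.

# Step 1: list "-j LOG" rules that lack "--log-level 7" (or its name, "debug").
log_rules_without_level7() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /-j[ \t]+LOG([ \t]|$)/ && !/--log-level[ \t]+(7|debug)([ \t]|$)/ {
            printf "%d: %s\n", NR, $0
        }' "$1"
}

# Step 2: list syslog.conf lines whose selector already names kern.debug or
# kern.=debug, so a second entry is not added blindly.
kern_debug_entries() {
    awk '
        /^[ \t]*#/ { next }
        $1 ~ /(^|;)kern\.=?debug(;|$)/ { printf "%d: %s\n", NR, $0 }' "$1"
}

# Constructed sample files (hypothetical contents, for illustration only).
make_samples() {
    cat > "$1/rc.firewall" <<'EOF'
#!/bin/sh
# iptables -A INPUT -j LOG --log-prefix "old: "
iptables -A INPUT -p tcp --syn -j LOG --log-prefix "SYN: "
iptables -A INPUT -m state --state INVALID -j LOG --log-level 7 --log-prefix "INVALID: "
iptables -A FORWARD -j LOG --log-level 4 --log-prefix "FWD: "
iptables -A INPUT -j DROP
EOF
    cat > "$1/syslog.conf" <<'EOF'
# kern.=debug   /var/log/old.log
*.info;mail.none        /var/log/messages
mail.*;kern.=debug      /var/log/mixed.log
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "LOG rules still needing --log-level 7:"
log_rules_without_level7 "$tmp/rc.firewall"
echo "Existing kern debug entries in syslog.conf:"
kern_debug_entries "$tmp/syslog.conf"
rm -rf "$tmp"
```

A rule logged at another level (such as the --log-level 4 line in the sample) is reported too, because the kern.=debug selector matches debug priority only and would not route it to the new file.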