04-15-2006, 05:10 PM   #1
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 565

Rep: Reputation: 30
Firewall and router separate logs

I would like to sort a syslog central server in my LAN, and I did not find in any of my books (there aren't that many ...) or on Google decent guides to syslog facilities, especially local0 to local7, and how I can direct a program to write to them. I have a Debian sarge 3.1 2.6 and I have put a -r option in /etc/init.d/sysklog to make it act on the net and get logs sent by the front router. I have chosen the facility local2.* belonging to cisco.routers; I have a Netgear and its log is /var/log/netgear.log, but it stays empty. Separate logs for netfilter too: I read somewhere that to have separate netfilter logs I have to put this "kern.=debug /var/log/firewall" in /etc/syslog.conf, and it stays empty as well. Please help!
Ciao !

Last edited by gabsik; 04-15-2006 at 05:17 PM.
04-16-2006, 01:57 PM   #2
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Looks like you are on the right track. Below is a copy/paste from my syslog.conf file.
NOTE: local2.none in second part. This keeps local2 events from logging in both files.

# Firewall logs at local2
local2.*                                                /var/log/firewall.log

# Log anything (except mail,local2) of level info
# or higher. Don't log private authentication messages!
*.info;mail.none;local2.none;authpriv.none;cron.none    /var/log/messages
Obviously, the above requires the device sending log events to be configured to log at facility local2.
04-17-2006, 02:53 PM   #3
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 565

Original Poster
Rep: Reputation: 30
Yes, I'm getting the logs I need, but I have a messy syslog.conf now. For firewall logs I'm using the ULOG target and pointed logcheck to send me a ULOGD report. The router is seeing the syslog server and sends reports regularly. As I said, I have a messy syslog.conf:
kern.=debug /var/log/firewall
kern.warning /var/log/firewall
kern.* -/var/log/firewall

Which is the right firewall one?
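
Added example, not part of any post in this thread: a simplified Python model of how sysklogd-style selectors (`level`, `=level`, `*`, `none`, `!`) decide which rule lines a message matches, run against the lines quoted in posts #2 and #3. The function names and the bitmask model are this example's own assumptions, not sysklogd's code.

```python
# Simplified model of sysklogd selector matching (added sketch, not sysklogd code).
# Each rule keeps a priority bitmask per facility; selectors apply left to right.
PRIS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACS = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
        "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
ALL = 0xFF

def compile_selector(field):
    """Turn 'a.x;b.y' into {facility: bitmask of priorities that match}."""
    mask = dict.fromkeys(FACS, 0)
    for sel in field.split(";"):
        facs, pri = sel.rsplit(".", 1)
        negate, pri = pri.startswith("!"), pri.lstrip("!")
        exact, pri = pri.startswith("="), pri.lstrip("=")
        if pri == "none":
            bits, negate = ALL, not negate           # 'none' clears the facility
        elif pri == "*":
            bits = ALL
        elif exact:
            bits = 1 << PRIS.index(pri)              # '=debug': that level only
        else:
            bits = (1 << (PRIS.index(pri) + 1)) - 1  # level and more severe
        for f in (FACS if facs == "*" else facs.split(",")):
            mask[f] = mask[f] & ~bits if negate else mask[f] | bits
    return mask

def parse_rules(conf):
    """Return [(mask, file)] for every non-comment line; a leading '-' is dropped."""
    rules = []
    for line in conf.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            field, action = line.split(None, 1)
            rules.append((compile_selector(field), action.strip().lstrip("-")))
    return rules

def destinations(rules, facility, priority):
    """One entry per matching rule line, so duplicates reveal overlapping rules."""
    bit = 1 << PRIS.index(priority)
    return [action for mask, action in rules if mask[facility] & bit]

# Constructed inputs: the rule lines quoted in posts #2 and #3 of this thread.
POST2 = parse_rules("""local2.*  /var/log/firewall.log
*.info;mail.none;local2.none;authpriv.none;cron.none  /var/log/messages""")
POST3 = parse_rules("""kern.=debug /var/log/firewall
kern.warning /var/log/firewall
kern.* -/var/log/firewall""")

if __name__ == "__main__":
    for pri in ("debug", "info", "warning"):
        print("kern." + pri, "->", destinations(POST3, "kern", pri))
    print("local2.info ->", destinations(POST2, "local2", "info"))
```

In this model `kern.*` already covers everything the other two `kern` lines select, and `local2.none` is what keeps local2 messages out of /var/log/messages.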

