LinuxQuestions.org

Linux - Software: Change path of log files (https://www.linuxquestions.org/questions/linux-software-2/change-path-of-log-files-128407/)

linuxboy69 12-23-2003 12:25 PM

Change path of log files
 
I am using the log option on my firewall rules so that I can see what packets are getting rejected and dropped, etc. The problem I am having is that it is putting it into my /var/log/messages file, which also contains some other important logs. For example, my DNS shut down last night and I want to find out at what time, but the /var/log/messages file is flooded with firewall rule logs. How can I change the directory where the firewall rule logs go?

druuna 12-23-2003 12:45 PM

Take a look at syslogd.

This is the most important file you need to edit:
/etc/syslog.conf

Do read the man page before you start editing (make a copy, be safe).

linuxboy69 12-23-2003 12:57 PM

Thank you for replying!!

I looked at the syslog.conf file and it says that *.info is going to /var/log/messages. What would be the .info for iptables logs, or the .info for the service logs?

For example I know that mail.info is for the mail messages.

druuna 12-23-2003 01:15 PM

I really don't know what it is you have running on your box, so this next part is general.

First of all: You really need to read the manpages:
- man 8 syslogd
- man 5 syslog.conf

These are the 'common' facilities: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security, syslog, user, uucp and local0 through local7.

Common is a bit strong, but there are others. You might have noticed the missing ftp, which can also be a facility.

Two examples:

Give all 8 priorities for the kern facility its own logfile:

kern.emerg -/var/log/kern/kern.7_emergency
kern.alert;kern.!emerg -/var/log/kern/kern.6_alert
kern.crit;kern.!alert -/var/log/kern/kern.5_critical
kern.err;kern.!crit -/var/log/kern/kern.4_error
kern.warning;kern.!err -/var/log/kern/kern.3_warning
kern.notice;kern.!warning -/var/log/kern/kern.2_notice
kern.info;kern.!notice -/var/log/kern/kern.1_info
kern.debug;kern.!info -/var/log/kern/kern.0_debug

Give all 8 priorities for all facilities, except mail, news and ftp its own logfile:

*.emerg;mail,news,ftp.none -/var/log/log.7_emergency
*.alert;*.!emerg;mail,news,ftp.none -/var/log/log.6_alert
*.crit;*.!alert;mail,news,ftp.none -/var/log/log.5_critical
*.err;*.!crit;mail,news,ftp.none -/var/log/log.4_error
*.warning;*.!err;mail,news,ftp.none -/var/log/log.3_warning
*.notice;*.!warning;mail,news,ftp.none -/var/log/log.2_notice
*.info;*.!notice;mail,news,ftp.none -/var/log/log.1_info
*.debug;*.!info;mail,news,ftp.none -/var/log/log.0_debug

Like I said before: I don't know what you have running and how it is logged.
I do have a handy script that will log a short test message to 'all' priorities and facilities. It might help you to figure out where things are logged and if this is the way you want it.
Code:

#!/bin/bash
#----------------------------------------------------------------------------#
# Check syslog facilities and priorities: send one test message for every
# facility/priority pair, so you can see in which file each one ends up.
#----------------------------------------------------------------------------#
# Variables

PROG=$(basename "$0")
# 'mark' is internal to syslogd and 'security' is an alias for auth, so
# neither is listed here.
FACILITIES='auth authpriv cron daemon ftp kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7'
PRIORITIES='emerg alert crit err warning notice info debug'

#----------------------------------------------------------------------------#
# Main

for FACIL in $FACILITIES
do
  for PRIO in $PRIORITIES
  do
    logger -p "$FACIL.$PRIO" "${PROG}[$$]: Testing syslogd/syslog.conf $FACIL.$PRIO"
  done
done

#----------------------------------------------------------------------------#
# End


Technoslave 12-23-2003 01:17 PM

You should also read up on man iptables and do a search for LOG.

You'll use that in conjunction with syslog to output logs to where you need them to be.
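
As an added example (not code from the thread, and not part of sysklogd itself), here is a small Python model of the selector rules that druuna's two configs rely on, together with the point Technoslave's pointer to the LOG target leads to: iptables LOG records are kernel messages, so syslogd sees them under the kern facility at whatever --log-level the rule sets (the default is warning). The evaluator follows the sysklogd syslog.conf(5) semantics: a bare priority means that priority and everything more severe, `=` means exactly that priority, a leading `!` removes instead of adds, and `none` drops the facility. The configs DRUUNA_KERN (copied from the post above), ORIGINAL_POSTER (the `*.info` line the poster described) and FIREWALL_SPLIT are constructed here; FIREWALL_SPLIT is one assumed layout, not something the thread proposes.

```python
"""Model of sysklogd syslog.conf selector semantics (added example, not thread code).

Priorities are bits 0..7 (emerg..debug).  For each "facs.prio" selector syslogd
edits a per-facility bitmask; selectors on one line apply left to right, so
"kern.alert;kern.!emerg" leaves only the alert bit set.
"""

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "mark", "local0", "local1",
              "local2", "local3", "local4", "local5", "local6", "local7"]
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"security": "auth", "panic": "emerg", "error": "err", "warn": "warning"}
ALL_PRI = (1 << len(PRIORITIES)) - 1


def _prio_bit(name):
    return 1 << PRIORITIES.index(ALIASES.get(name, name))


def apply_selector(selector, masks):
    """Apply one "facility[,facility].priority" selector to the per-facility masks."""
    facs, _, prio = selector.rpartition(".")
    ignore = prio.startswith("!")          # "!" clears bits instead of setting them
    prio = prio.lstrip("!")
    single = prio.startswith("=")          # "=" means this priority only
    prio = prio.lstrip("=")
    targets = FACILITIES if facs == "*" else [ALIASES.get(f, f) for f in facs.split(",")]
    for fac in targets:
        if prio == "none":
            masks[fac] = ALL_PRI if ignore else 0
        elif prio == "*":
            masks[fac] = 0 if ignore else ALL_PRI
        else:
            bit = _prio_bit(prio)
            bits = bit if single else (bit << 1) - 1   # this priority and more severe
            masks[fac] = masks[fac] & ~bits if ignore else masks[fac] | bits


def parse_config(text):
    """Turn syslog.conf text into a list of (masks, action) rules; comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        masks = {fac: 0 for fac in FACILITIES}
        for selector in selectors.split(";"):
            apply_selector(selector, masks)
        rules.append((masks, action.strip().lstrip("-")))   # "-" only means no fsync
    return rules


def route(rules, facility, priority):
    """Return the actions (log files) that receive a facility.priority message."""
    fac = ALIASES.get(facility, facility)
    bit = _prio_bit(priority)
    return [action for masks, action in rules if masks[fac] & bit]


# druuna's first example from the thread, copied as posted
DRUUNA_KERN = """
kern.emerg                  -/var/log/kern/kern.7_emergency
kern.alert;kern.!emerg      -/var/log/kern/kern.6_alert
kern.crit;kern.!alert       -/var/log/kern/kern.5_critical
kern.err;kern.!crit         -/var/log/kern/kern.4_error
kern.warning;kern.!err      -/var/log/kern/kern.3_warning
kern.notice;kern.!warning   -/var/log/kern/kern.2_notice
kern.info;kern.!notice      -/var/log/kern/kern.1_info
kern.debug;kern.!info       -/var/log/kern/kern.0_debug
"""

# what the original poster reported: everything at info and above into one file
ORIGINAL_POSTER = "*.info                      /var/log/messages\n"

# Assumed layout for the poster's case (not from the thread): iptables LOG
# records are kernel messages at --log-level (default warning).  Logging the
# firewall rules at debug keeps them below *.info, so only the firewall file
# selects kern.=debug and the /var/log/messages line is left untouched.
FIREWALL_SPLIT = """
kern.=debug                 -/var/log/firewall.log
*.info                      /var/log/messages
"""


def demo():
    """Where a kern message lands under each config, at the LOG default (warning) and at debug."""
    results = {}
    for name, text in [("druuna_kern", DRUUNA_KERN), ("original", ORIGINAL_POSTER),
                       ("split", FIREWALL_SPLIT)]:
        rules = parse_config(text)
        results[name] = {"warning": route(rules, "kern", "warning"),
                         "debug": route(rules, "kern", "debug")}
    return results


if __name__ == "__main__":
    for name, where in demo().items():
        print(name)
        for level, files in where.items():
            print("  kern.%-7s -> %s" % (level, ", ".join(files) or "(nowhere)"))
```

Run it and the "split" config shows the firewall rule's records going only to /var/log/firewall.log once the rule is given `--log-level debug`, while a rule left at the default warning level still lands in /var/log/messages. Two caveats: sysklogd matches only on facility and priority, never on message text, so `--log-prefix` helps grep but cannot route, and any other kernel message at debug level will share the firewall file; `kern.none` on the messages line would also work but silences every kernel message there (disk errors, OOM kills), which is rarely what you want.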

