Change path of log files
I am using the log option on my firewall rules so that I can see what packets are getting rejected and dropped, etc. The problem I am having is that it is putting it into my /var/log/messages file, which also contains some other important logs. For example, my DNS shut down last night and I want to find out what time, but the /var/log/messages file is flooded with firewall rule logs. How can I change the directory where the firewall rules go?
Take a look at syslogd.
This is the most important file you need to edit: /etc/syslog.conf. Do read the man page before you start editing (make a copy, be safe).
Thank you for replying!!
I looked at the syslog.conf file and it says that *.info is going to /var/log/messages. What would be the .info for iptables logs, or the .info for the service logs? For example, I know that mail.info is for the mail messages.
I really don't know what it is you have running on your box, so this next part is general.
First of all: you really need to read the manpages:
- man 8 syslogd
- man 5 syslog.conf

These are the 'common' facilities: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security, syslog, user, uucp and local0 through local7. Common is a bit strong, but there are others. You might have noticed the missing ftp, which can also be a facility.

Two examples:

Give each of the 8 priorities for the kern facility its own logfile:

kern.emerg                    -/var/log/kern/kern.7_emergency
kern.alert;kern.!emerg        -/var/log/kern/kern.6_alert
kern.crit;kern.!alert         -/var/log/kern/kern.5_critical
kern.err;kern.!crit           -/var/log/kern/kern.4_error
kern.warning;kern.!err        -/var/log/kern/kern.3_warning
kern.notice;kern.!warning     -/var/log/kern/kern.2_notice
kern.info;kern.!notice        -/var/log/kern/kern.1_info
kern.debug;kern.!info         -/var/log/kern/kern.0_debug

Give each of the 8 priorities for all facilities, except mail, news and ftp, its own logfile:

*.emerg;mail,news,ftp.none                -/var/log/log.7_emergency
*.alert;*.!emerg;mail,news,ftp.none       -/var/log/log.6_alert
*.crit;*.!alert;mail,news,ftp.none        -/var/log/log.5_critical
*.err;*.!crit;mail,news,ftp.none          -/var/log/log.4_error
*.warning;*.!err;mail,news,ftp.none       -/var/log/log.3_warning
*.notice;*.!warning;mail,news,ftp.none    -/var/log/log.2_notice
*.info;*.!notice;mail,news,ftp.none       -/var/log/log.1_info
*.debug;*.!info;mail,news,ftp.none        -/var/log/log.0_debug

Like I said before: I don't know what you have running and how it is logged. I do have a handy script that will log a short test message to 'all' priorities and facilities. It might help you to figure out where things are logged and if this is the way you want it.
Code:
#!/bin/bash
You should also read up on man iptables and search for LOG.
You'll use that in conjunction with syslog to output logs to where you need them to be.
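The two pieces the replies point at (the LOG target on the iptables side, syslog.conf on the other) spelled out as an added example. This is not code anyone posted in the thread; the file names, the FW-DROP/FW-REJECT prefixes and the log lines in it are constructed for the illustration. The connection between the two is this: iptables' LOG target writes through the kernel log, so syslogd receives those messages on facility kern at whatever --log-level the rule set (warning when none is given). A kern.none on the *.info line therefore keeps them out of /var/log/messages, and a kern.* line gives them a file of their own. The script prints that fragment, moves the firewall lines out of an existing messages file so the named shutdown time can be read, and does a dry run of the "one test message per facility and priority" idea using logger(1).

```shell
#!/bin/bash
# Added example for this thread, not code posted in it.
# 1. probe_all_selectors: one logger(1) test message per facility.priority
#    (dry mode only lists the selectors),
# 2. split_fw_lines / service_stop_time: pull iptables LOG lines out of a
#    messages file and find when a service stopped,
# 3. suggested_syslog_conf: the syslog.conf routing to keep them apart.
# SAMPLE_MESSAGES below is constructed for the example.

# Facility and priority names as syslog.conf(5) spells them.
FACILITIES="auth authpriv cron daemon ftp kern lpr mail news syslog user uucp \
local0 local1 local2 local3 local4 local5 local6 local7"
PRIORITIES="debug info notice warning err crit alert emerg"

# probe_all_selectors [dry]: send a tagged test message for every
# facility.priority, or with "dry" just print the selectors that would be used.
# kern is skipped on purpose: the kernel feeds that facility, and a real
# iptables LOG hit is the honest test for it.
probe_all_selectors() {
    local mode=${1:-send} fac pri
    for fac in $FACILITIES; do
        [ "$fac" = kern ] && continue
        for pri in $PRIORITIES; do
            if [ "$mode" = dry ]; then
                echo "$fac.$pri"
            else
                logger -p "$fac.$pri" -t syslogtest "test message for $fac.$pri"
            fi
        done
    done
}

# iptables LOG entries always carry IN=/OUT=/SRC=/DST=, whatever --log-prefix
# was used, so match on those fields rather than on a prefix.
FW_PATTERN='kernel: .*IN=.* OUT=.* SRC=[0-9.]+ DST=[0-9.]+'

# split_fw_lines MESSAGES FW_OUT REST_OUT: firewall lines go to FW_OUT,
# everything else to REST_OUT; prints how many firewall lines were moved.
split_fw_lines() {
    awk -v fw="$2" -v rest="$3" -v pat="$FW_PATTERN" '
        $0 ~ pat { print > fw; n++; next }
                 { print > rest }
        END      { print n + 0 }' "$1"
}

# service_stop_time FILE NAME: timestamp of NAME's last "shutting down" line
# (BIND logs "shutting down" and then "exiting" when it stops). Field 5 of a
# classic syslog line is the tag, e.g. "named[1234]:".
service_stop_time() {
    awk -v name="$2" '
        ($5 == (name ":") || index($5, name "[") == 1) && /shutting down/ {
            ts = $1 " " $2 " " $3
        }
        END { print ts }' "$1"
}

# suggested_syslog_conf: example routing; the file name is an assumption and
# the leading "-" means syslogd does not fsync after every write.
suggested_syslog_conf() {
    cat <<'EOF'
# iptables LOG output arrives on facility kern at the rule's --log-level
kern.*                 -/var/log/firewall
# everything at info and above, except kernel messages
*.info;kern.none       -/var/log/messages
EOF
}

SAMPLE_MESSAGES='Mar 12 03:13:58 gw kernel: FW-DROP IN=eth0 OUT= MAC=00:50:56:a1:b2:c3:00:1a:2b:3c:4d:5e:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=44231 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 12 03:14:09 gw named[1234]: shutting down
Mar 12 03:14:09 gw named[1234]: exiting
Mar 12 03:14:10 gw kernel: FW-REJECT IN=eth0 OUT= MAC=00:50:56:a1:b2:c3:00:1a:2b:3c:4d:5e:08:00 SRC=198.51.100.77 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1
Mar 12 03:14:12 gw kernel: FW-DROP IN=eth0 OUT= MAC=00:50:56:a1:b2:c3:00:1a:2b:3c:4d:5e:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1 PROTO=UDP SPT=1025 DPT=53 LEN=20
Mar 12 03:20:01 gw cron[2200]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 03:21:40 gw sshd[2210]: Accepted publickey for admin from 198.51.100.5 port 50112 ssh2'

# Run against the constructed sample; nothing outside a temp dir is touched.
demo() {
    local dir moved
    dir=$(mktemp -d)
    printf '%s\n' "$SAMPLE_MESSAGES" > "$dir/messages"
    moved=$(split_fw_lines "$dir/messages" "$dir/firewall" "$dir/messages.clean")
    echo "firewall lines moved out: $moved"
    echo "named stopped at: $(service_stop_time "$dir/messages.clean" named)"
    echo "selectors a full probe would use: $(probe_all_selectors dry | wc -l | tr -d ' ')"
    suggested_syslog_conf
    rm -rf "$dir"
}
demo
```

Run as it is to see the sample being split. To actually map where messages land on your box, call probe_all_selectors without the dry argument and then look for the syslogtest tag in the files under /var/log; once the kern.* line is in place, the firewall lines should appear only in the file it names.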