Log iptables logs into other file

Tux-Slack · 11-18-2007, 09:37 AM

I use these rules to log my iptables drop rules:

Code:

$IPT -N drop_input 2> /dev/null
$IPT -A drop_input -j LOG --log-prefix 'FW DROP INPUT:'
$IPT -A drop_input -j DROP

$IPT -N drop_output 2> /dev/null
$IPT -A drop_output -j LOG --log-prefix 'FW DROP OUTPUT:'
$IPT -A drop_output -j DROP

$IPT -N drop_forward 2> /dev/null
$IPT -A drop_forward -j LOG --log-prefix 'FW DROP FORWARD:'
$IPT -A drop_forward -j DROP

But now every dropped connection is logged in /var/log/syslog
I would like to log them in 3 separate files like:
/var/log/iptables/input
/var/log/iptables/output
/var/log/iptables/forward

How would I do this?

rworkman · 11-18-2007, 01:20 PM

ulogd will do something *close* to what you want - you can put the iptables logs into a seperate file. Once you have them into a seperate file (not cluttering up syslog/messages/dmesg), you can use standard text processing tools (grep,awk,...) to work with the individual logfiles.

I've got packages and sources of ulogd for 11.0, 12.0, and -current on my site if you're interested.

Tux-Slack · 11-18-2007, 01:57 PM

Well if it would be just in one separate file it would be a start and far better than all that mess in syslog.

Edit:
BTW, your site kicks ass