On Fri, 2004-07-09 at 16:12, Edwin Dicker wrote:
> Hi All,
>
> On my Iptables firewall some packets get logged to /var/log/messages.
> The messages file is getting unreadable with all this iptables logging and
> I am looking for a better way to log these messages.
> Since these are kernel messages my thought went to the syslog.conf file and
> I configured that all kern.warn events should be logged to /var/log/firewall
> ( so they don't mess up my messages file ) after doing this it looks like
> only half of the messages get logged in /var/log/firewall and the other
> half still get logged to /var/log/messages.
>
> Are there different types of severity concerning iptables logging ?
> Has someone got a better idea to prevent messing up the messages file ?
>
> Tia,
> Edwin

It seems on every system there are log levels that are not used. On my
system these are notice and warn, so I set my iptables and syslog.conf
like this:

1) For /etc/syslog.conf I added these

    # Log general networking info
    *.notice        /var/log/networking
    *.warn          /var/log/firewall
    # Log cron stuff

2) For iptables

    $IPTABLES -A INPUT -i $IF0 -s 192.168.xx.xx/32 -d 0/0 -m state --state \! $ER \
        -j LOG --log-level notice --log-prefix "Spoof Attempt"

-- 
jludwig <wralphie@xxxxxxxxxxx>
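
How sysklogd-style selectors decide which files receive a message, as an added example that is not part of the original thread: a simplified Python model (only `*`, comma lists, `=prio` and `none`) run over the two syslog.conf lines posted above and over a narrowed variant. The `/var/log/messages` catch-all line and all function and variable names are assumptions of this example.

```python
# Simplified model of sysklogd selector matching (added example, not the daemon's code).
# Supported: '*', comma-separated facilities, 'prio' (that level and more severe),
# '=prio' (exactly that level) and 'none'. The '!' negation is left out.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def level(name):
    return PRIORITIES.index(ALIASES.get(name, name))

def selector_matches(selector, facility, priority):
    """Evaluate one selector field, e.g. '*.info;kern.none', left to right."""
    matched = False
    for part in selector.split(";"):
        facilities, prio = part.strip().split(".", 1)
        if facilities != "*" and facility not in facilities.split(","):
            continue
        if prio == "none":
            matched = False                      # drops this facility from the line
        elif prio == "*":
            matched = True
        elif prio.startswith("="):
            matched = matched or level(priority) == level(prio[1:])
        else:
            matched = matched or level(priority) <= level(prio)
    return matched

def destinations(rules, facility, priority):
    """Every matching line gets a copy, so one message can land in several files."""
    return [path for selector, path in rules
            if selector_matches(selector, facility, priority)]

# Assumption: a typical catch-all line for /var/log/messages (not shown in the thread).
MESSAGES = "*.info;mail.none;authpriv.none"

AS_POSTED = [("*.notice", "/var/log/networking"),
             ("*.warn", "/var/log/firewall"),
             (MESSAGES, "/var/log/messages")]

# Narrowed variant: exact-level kernel selectors, kernel excluded from messages.
# kern.none also removes other kernel messages from messages; give them their own line.
NARROWED = [("kern.=notice", "/var/log/networking"),
            ("kern.=warning", "/var/log/firewall"),
            (MESSAGES + ";kern.none", "/var/log/messages")]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("narrowed", NARROWED)):
        for fac, prio in (("kern", "notice"), ("kern", "warning"), ("cron", "notice")):
            print(f"{name:10} {fac}.{prio:8} -> {destinations(rules, fac, prio)}")
```

Running it prints, for each rule set, the files that a `kern.notice`, `kern.warning` and `cron.notice` message would be written to.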