You can use the following entries in your syslog-ng.conf to log firewall messages
to a separate file than the normal kernel output.

# source kernsrc { file("/proc/kmsg"); };
# destination kern { file("/var/log/kern.log"); };
# destination firewall { file("/var/log/firewall.log"); };
# filter f_firewall { match("firewall"); };
# filter f_kern { facility(kern) and not filter(f_firewall);};
# log { source(kernsrc); filter(f_kern); destination(kern); };
# log { source(kernsrc); filter(f_firewall); destination(firewall); };

On Sunday 27 November 2005 15:46, Lasse Birnbaum Jensen wrote:
> Try using ULOG with the ULOGD daemon
>
> > I have installed iptables yesterday and currently using a basic script
> > from web to enable firewall. The script logs the dropped packets using
> > following entries
> >
> > /sbin/iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
> > /sbin/iptables -I INPUT 1 -p tcp -m state --state INVALID -j LOG --log-prefix "FIREWALL:INVALID "
> >
> > iptables seems to be working fine but the problem is that it is logging
> > everything in /var/log/messages but I want it to log it some other file.
> > Maybe /var/log/iptables. I have googled and found that syslog-ng can do
> > it and some entries in /etc/syslog-ng/syslog-ng.conf should work but I am
> > not sure how to do it. "man syslog-ng.conf" is not making much sense for
> > me either (newbie).
> >
> > Can someone please give me any links where I can read about how to
> > easily configure syslog-ng.conf and achieve what I desire. If you could
> > give exact entries then I would be more than grateful.
> >
> > TIA
> > Regards,
> > Abhay Kedia
>
> --
> Venlig hilsen / Best regards
> Lasse Birnbaum Jensen

--
Fachschaft Mathematik/Physik
Andreas Herrmann
University of Bayreuth
95440 Bayreuth
Germany

email sma@××××××××××××××××××.de
www http://hacktor.fs.uni-bayreuth.de/~sma/
private +44-787-0115648
--
gentoo-security@g.o mailing list
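
The same routing adapted to the rules quoted in this thread, as an added example that is not part of the original messages. The "FIREWALL:" prefixes and the /var/log/iptables target come from the question; the destination name "iptables" and the perm(0640) setting are assumptions made here.

```conf
# Added example, not from the original thread.
# Assumes the iptables rules log with the prefixes
# "FIREWALL:INPUT " and "FIREWALL:INVALID " as quoted in the question.

# Kernel messages, read the same way as in the reply.
source kernsrc { file("/proc/kmsg"); };

destination kern     { file("/var/log/kern.log"); };
# Target file the asker wanted; perm(0640) keeps packet logs
# from being world-readable (assumed setting, adjust to local policy).
destination iptables { file("/var/log/iptables" perm(0640)); };

# match() takes a regular expression and is case-sensitive, so the
# pattern uses the upper-case prefix set with --log-prefix.
filter f_firewall { match("FIREWALL:"); };
# Everything else from the kernel facility.
filter f_kern     { facility(kern) and not filter(f_firewall); };

log { source(kernsrc); filter(f_firewall); destination(iptables); };
log { source(kernsrc); filter(f_kern);     destination(kern); };
```

Any existing log statement that also writes kernel messages to /var/log/messages needs the same "not filter(f_firewall)" exclusion, otherwise the packet lines are still logged there as well.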