Gentoo Archives: gentoo-security

From: Andreas Herrmann <sma@××××××××××××××××××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] How to make iptables log to a separate log file?
Date: Sun, 27 Nov 2005 18:20:47
Message-Id: 200511271814.55710.sma@fsmpi.uni-bayreuth.de
In Reply to: Re: [gentoo-security] How to make iptables log to a separate log file? by Lasse Birnbaum Jensen
You can use the following entries in your syslog-ng.conf to log firewall messages
to a separate file than the normal kernel output.

# source kernsrc { file("/proc/kmsg"); };
# destination kern { file("/var/log/kern.log"); };
# destination firewall { file("/var/log/firewall.log"); };
# filter f_firewall { match("firewall"); };
# filter f_kern { facility(kern) and not filter(f_firewall);};
# log { source(kernsrc); filter(f_kern); destination(kern); };
# log { source(kernsrc); filter(f_firewall); destination(firewall); };


On Sunday 27 November 2005 15:46, Lasse Birnbaum Jensen wrote:
> Try using ULOG with the ULOGD daemon
>
> > I have installed iptables yesterday and currently using a basic script
> > from web to enable firewall. The script logs the dropped packets using
> > following entries
> >
> > /sbin/iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
> > /sbin/iptables -I INPUT 1 -p tcp -m state --state INVALID -j LOG --log-prefix "FIREWALL:INVALID "
> >
> > iptables seem to be working fine but the problem is that it is logging
> > everything in /var/log/messages but I want it to log it some other file.
> > Maybe /var/log/iptables. I have googled and found that syslog-ng can do
> > it and some entries in /etc/syslog-ng/syslog-ng.conf should work but I am
> > not sure how to do it. "man syslog-ng.conf" is not making much sense for
> > me either (newbie).
> >
> > Can someone please give me any links where I can read about how to
> > easily configure syslog-ng.conf and achieve what I desire. If you could
> > give exact entries then I would be more than grateful.
> >
> > TIA
> > Regards,
> > Abhay Kedia
>
> --
> Venlig hilsen / Best regards
> Lasse Birnbaum Jensen

--
Fachschaft Mathematik/Physik
Andreas Herrmann
University of Bayreuth
95440 Bayreuth
Germany

email sma@××××××××××××××××××.de
www http://hacktor.fs.uni-bayreuth.de/~sma/
private +44-787-0115648
--
gentoo-security@g.o mailing list
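
Added example (not part of the original messages): a small Python model of the kern.log / firewall.log split configured above, run over constructed kernel log lines, to check which file each line would reach for a given filter pattern before relying on the logs. It assumes the pattern is applied as a case-sensitive regular-expression search, as syslog-ng does for a match() without flags; `route`, `split` and `misrouted` are names made up for this example.

```python
import re

FIREWALL_LOG = "/var/log/firewall.log"
KERN_LOG = "/var/log/kern.log"

# Constructed kernel log lines. The prefixes are the ones set with
# --log-prefix in the question; everything else is made up.
SAMPLE_LINES = [
    "kernel: FIREWALL:INPUT IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=23",
    "kernel: FIREWALL:INVALID IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=TCP DPT=80",
    "kernel: eth0: link up, 100Mbps, full-duplex",
    "kernel: audit: write to /etc/firewall.rules by uid=0",
]


def route(line, pattern):
    """Model the two log{} statements: f_firewall is a regex search on the
    message, f_kern receives every kernel line f_firewall did not match."""
    # Assumption: case-sensitive search, like match() without flags.
    if re.search(pattern, line):
        return FIREWALL_LOG
    return KERN_LOG


def split(lines, pattern):
    """Return {destination: [lines]} for one choice of filter pattern."""
    out = {FIREWALL_LOG: [], KERN_LOG: []}
    for line in lines:
        out[route(line, pattern)].append(line)
    return out


def misrouted(lines, pattern, prefix="FIREWALL:"):
    """Lines on the wrong side of the split: iptables-prefixed lines that
    reach kern.log, or unprefixed lines that reach firewall.log."""
    return [l for l in lines
            if (prefix in l) != (route(l, pattern) == FIREWALL_LOG)]


if __name__ == "__main__":
    for pattern in ("firewall", "FIREWALL:"):
        bad = misrouted(SAMPLE_LINES, pattern)
        print(f"pattern {pattern!r}: {len(bad)} misrouted line(s)")
        for line in bad:
            print("   ", route(line, pattern), "<-", line)
```

Under that assumption the filter pattern has to use the same case as the `--log-prefix` strings, and including the trailing colon keeps unrelated kernel lines that merely mention "firewall" out of the firewall log.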
