Gentoo Archives: gentoo-security

From: aa6qn@×××××××××××.net
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] How to make iptables log to a separate log file?
Date: Sun, 04 Dec 2005 16:00:49
Message-Id: 59114.127.0.0.1.1133707114.squirrel@127.0.0.1
In Reply to: Re: [gentoo-security] How to make iptables log to a separate log file? by Andreas Herrmann
> You can use the following entries in your syslog-ng.conf to log firewall
> messages to a separate file than the normal kernel output.
>
> # source kernsrc { file("/proc/kmsg"); };
> # destination kern { file("/var/log/kern.log"); };
> # destination firewall { file("/var/log/firewall.log"); };
> # filter f_firewall { match("firewall"); };
> # filter f_kern { facility(kern) and not filter(f_firewall);};
> # log { source(kernsrc); filter(f_kern); destination(kern); };
> # log { source(kernsrc); filter(f_firewall); destination(firewall); };

Just wanted to say thank you for the input. You gave me a great idea, whereas I used the --log-prefix field in iptables to give each log a unique flag (in my case it's "IPT", i.e. --log-prefix "IPT New SSH on eth0"). Then I filtered syslog-ng on "IPT" and forwarded to /var/log/firewall.log

JohnF

--
gentoo-security@g.o mailing list
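
The approach described in this reply, written out as an added example that is not part of the original thread: the quoted syslog-ng statements with the filter keyed on the "IPT" flag set by --log-prefix. The statement names are reused from the quoted configuration; the iptables match options in the comment (INPUT chain, port 22, state NEW) are assumptions for illustration.

```conf
# iptables side (run as root). --log-prefix accepts at most 29 characters and
# is written directly in front of "IN=", so end the prefix with a space:
#   iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW \
#            -j LOG --log-prefix "IPT New SSH on eth0 "

# syslog-ng.conf side: read kernel messages once, then split them.
source kernsrc { file("/proc/kmsg"); };

destination kern     { file("/var/log/kern.log"); };
destination firewall { file("/var/log/firewall.log"); };

# Select only kernel-facility messages carrying the "IPT " flag. Including the
# trailing space keeps unrelated kernel messages that merely contain the
# letters "IPT" inside a longer word out of firewall.log.
filter f_firewall { facility(kern) and match("IPT "); };

# Everything else from the kernel stays in kern.log.
filter f_kern     { facility(kern) and not filter(f_firewall); };

log { source(kernsrc); filter(f_firewall); destination(firewall); };
log { source(kernsrc); filter(f_kern);     destination(kern); };
```

Every LOG rule that should land in /var/log/firewall.log needs a prefix starting with the same flag; a rule logged without it falls through to kern.log.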