You can use following entrys in your syslog-ng.conf to log firewall messages 
to a seperate file than the normal kernel output.

# source kernsrc { file("/proc/kmsg"); };
# destination kern { file("/var/log/kern.log"); };
# destination firewall { file("/var/log/firewall.log"); };
# filter f_firewall { match("firewall"); };
# filter f_kern { facility(kern) and not filter(f_firewall);};
# log { source(kernsrc); filter(f_kern); destination(kern); };
# log { source(kernsrc); filter(f_firewall); destination(firewall); };


On Sunday 27 November 2005 15:46, Lasse Birnbaum Jensen wrote:
> Try using ULOG with the ULOGD daemon
>
> > I have installed iptables yesterday and currently using a basic script
> > from web to enable firewall. The script logs the dropped packets using
> > following entries
> >
> > /sbin/iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
> > /sbin/iptables -I INPUT 1 -p tcp -m state --state INVALID -j LOG
> > --log-prefix "FIREWALL:INVALID "
> >
> > iptables seem to be working fine but the problem is that it is logging
> > everything in /var/log/messages but I want it to log it some other file.
> > May be /var/log/iptables. I have googled and found that syslog-ng can do
> > it and some entries in /etc/syslog-ng/syslog-ng.conf should work but I am
> > not sure how to do it. "man syslog-ng.conf" is not making much sense for
> > me either (newbie).
> >
> > Can some one please give me any links where I can read about how to
> > easily configure syslog-ng.conf and achieve what I desire. If you could
> > give exact entries then I would be more than greatful.
> >
> > TIA
> > Regards,
> > Abhay Kedia
>
> --
> Venlig hilsen / Best regards
> Lasse Birnbaum Jensen

-- 
Fachschaft Mathematik/Physik
Andreas Herrmann
University of Bayreuth
95440 Bayreuth
Germany

email   sma@...
www     http://hacktor.fs.uni-bayreuth.de/~sma/
private +44-787-0115648
-- 
gentoo-security@g.o mailing list