Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: aa6qn@...
Subject: Re: How to make iptables log to a separate log file?
Date: Sun, 4 Dec 2005 06:38:34 -0800 (PST)
> You can use following entrys in your syslog-ng.conf to log firewall
> messages
> to a seperate file than the normal kernel output.
>
> # source kernsrc { file("/proc/kmsg"); };
> # destination kern { file("/var/log/kern.log"); };
> # destination firewall { file("/var/log/firewall.log"); };
> # filter f_firewall { match("firewall"); };
> # filter f_kern { facility(kern) and not filter(f_firewall);};
> # log { source(kernsrc); filter(f_kern); destination(kern); };
> # log { source(kernsrc); filter(f_firewall); destination(firewall); };
>
>

Just wanted to say thank you for the input. You gave me a great idea
where-as I used --log-prefix field in iptables to give each log a unique
flag (in my case its "IPT" ie. --log-prefix "IPT New SSH on eth0".

Then I filtered the syslog-ng on "IPT" and forwarded to /var/log/firewall.log

JohnF

-- 
gentoo-security@g.o mailing list


References:
How to make iptables log to a separate log file?
-- Abhay Kedia
Re: How to make iptables log to a separate log file?
-- Lasse Birnbaum Jensen
Re: How to make iptables log to a separate log file?
-- Andreas Herrmann
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: How to make iptables log to a separate log file?
Next by thread:
GLSA feed entries limitation
Previous by date:
Re: Boot CD for secure remote access
Next by date:
GLSA feed entries limitation


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.