> You can use the following entries in your syslog-ng.conf to log firewall
> messages to a separate file than the normal kernel output.
>
> # source kernsrc { file("/proc/kmsg"); };
> # destination kern { file("/var/log/kern.log"); };
> # destination firewall { file("/var/log/firewall.log"); };
> # filter f_firewall { match("firewall"); };
> # filter f_kern { facility(kern) and not filter(f_firewall);};
> # log { source(kernsrc); filter(f_kern); destination(kern); };
> # log { source(kernsrc); filter(f_firewall); destination(firewall); };
>

Just wanted to say thank you for the input. You gave me a great idea,
whereas I used the --log-prefix field in iptables to give each log a unique
flag (in my case it's "IPT", i.e. --log-prefix "IPT New SSH on eth0").

Then I filtered the syslog-ng on "IPT" and forwarded to /var/log/firewall.log.

JohnF

--
gentoo-security@g.o mailing list