Gentoo Archives: gentoo-security

From: aa6qn@×××××××××××.net
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] How to make iptables log to a separate log file?
Date: Sun, 04 Dec 2005 16:00:49
Message-Id: 59114.127.0.0.1.1133707114.squirrel@127.0.0.1
In Reply to: Re: [gentoo-security] How to make iptables log to a separate log file? by Andreas Herrmann
> You can use following entries in your syslog-ng.conf to log firewall
> messages
> to a separate file than the normal kernel output.
>
> # source kernsrc { file("/proc/kmsg"); };
> # destination kern { file("/var/log/kern.log"); };
> # destination firewall { file("/var/log/firewall.log"); };
> # filter f_firewall { match("firewall"); };
> # filter f_kern { facility(kern) and not filter(f_firewall);};
> # log { source(kernsrc); filter(f_kern); destination(kern); };
> # log { source(kernsrc); filter(f_firewall); destination(firewall); };
>
>

Just wanted to say thank you for the input. You gave me a great idea
whereas I used --log-prefix field in iptables to give each log a unique
flag (in my case it's "IPT", i.e. --log-prefix "IPT New SSH on eth0").

Then I filtered the syslog-ng on "IPT" and forwarded to /var/log/firewall.log

JohnF

--
gentoo-security@g.o mailing list
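The setup described in the reply above, written out as an added example that is not part of the original messages: a LOG rule carrying the "IPT" prefix, the quoted syslog-ng layout with the filter string changed to "IPT", and a small function that mimics the filter on constructed kernel lines so the split can be checked before syslog-ng is reloaded. The chain, the port and state match, the function names and the sample lines are assumptions; only the prefix text, the "IPT" filter string and /var/log/firewall.log come from the thread.

```shell
#!/bin/sh
# Added example: prints the rule and config as text, changes nothing on the host.

# Assumed LOG rule: chain and match are illustrative, the prefix is from the post.
# The trailing space separates the prefix from the "IN=" field the kernel appends.
ipt_rule() {
    printf '%s\n' 'iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j LOG --log-prefix "IPT New SSH on eth0 "'
}

# syslog-ng fragment: same layout as the quoted config, filtering on "IPT".
syslog_ng_fragment() {
    cat <<'EOF'
source kernsrc { file("/proc/kmsg"); };
destination kern { file("/var/log/kern.log"); };
destination firewall { file("/var/log/firewall.log"); };
filter f_firewall { match("IPT"); };
filter f_kern { facility(kern) and not filter(f_firewall); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(kernsrc); filter(f_firewall); destination(firewall); };
EOF
}

# Mimic the two filters: print "firewall" or "kern" for one kernel line.
# match("IPT") is a case-sensitive substring search, so grep stands in for it.
route_line() {
    if printf '%s\n' "$1" | grep -q -e 'IPT'; then
        echo firewall
    else
        echo kern
    fi
}

# Constructed sample lines (not real log output; "mydriver" is hypothetical).
SAMPLE_FW='IPT New SSH on eth0 IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=22 SYN'
SAMPLE_KERN='eth0: link up, 100Mbps, full-duplex'
# Any kernel line that happens to contain "IPT" is routed to firewall.log too.
SAMPLE_CLASH='mydriver: SCRIPT_ERR code 5'

ipt_rule
syslog_ng_fragment
for line in "$SAMPLE_FW" "$SAMPLE_KERN" "$SAMPLE_CLASH"; do
    printf '%-8s <- %s\n' "$(route_line "$line")" "$line"
done
```

On current syslog-ng releases, `message("IPT")` limits the match to the message text; the `match("IPT")` form follows the syntax quoted in the thread.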