Gentoo Archives: gentoo-user

From: Rob <europa100@×××××××.net>
To: gentoo-user@l.g.o
Subject: [gentoo-user] what is the best strategy for using sysklogd with iptables?
Date: Wed, 23 Nov 2005 02:40:01
Message-Id: 4383D4D6.701@comcast.net
Hi,

I am using sysklogd with iptables. I am wondering what the best
strategy is for sending iptables log output to a single file, rather
than having logged packets show up all over in /var/log/? I haven't
been able yet to figure this out by myself. I must be missing some doc
info somewhere.

Thank you. Rob.
---------------------

Here is what I have now for syslog.conf:

# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
# This is from Debian, we are using it for now
# Daniel Robbins, 5/15/99

#
# First some standard logfiles. Log by facility.
#

auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* /var/log/mail.log
user.* -/var/log/user.log
uucp.* -/var/log/uucp.log
*.debug /var/log/firewall.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info -/var/log/mail.info
#mail.warn -/var/log/mail.warn
#mail.err /var/log/mail.err

# Logging for INN news system
#
#news.crit /var/log/news/news.crit
#news.err /var/log/news/news.err
#news.notice -/var/log/news/news.notice

#
# Some `catch-all' logfiles.
#
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg *

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
#daemon.*,mail.*;\
# news.crit;news.err;news.notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole

#local2.* -/var/log/ppp.log

--
gentoo-user@g.o mailing list
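
Added example (not part of the message above and not sysklogd's own code): a small Python evaluator for syslog.conf selectors, run over the active rules of the posted file, that lists every destination a given message is written to. It assumes iptables LOG output arrives as facility kern at priority warning (the LOG target's default level); the names rules, mask_for and destinations are made up for this illustration.

```python
import re

PRI = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
       "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

# Active (uncommented) rules copied from the syslog.conf posted above.
POSTED_CONF = r"""
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* /var/log/mail.log
user.* -/var/log/user.log
uucp.* -/var/log/uucp.log
*.debug /var/log/firewall.log
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
*.emerg *"""

def rules(conf):
    """Yield (selector_field, action); backslash-continued lines are joined."""
    for line in re.sub(r"\\\n\s*", "", conf).splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            selectors, action = line.split(None, 1)
            yield selectors, action.strip().lstrip("-")  # "-" only disables sync

def mask_for(selectors, facility):
    """Bitmask of priorities a rule accepts for one facility (later selectors win)."""
    mask = 0
    for sel in selectors.split(";"):
        facs, _, pri = sel.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if pri == "none":
            mask = 0                                # facility excluded
        elif pri == "*":
            mask = 0xFF                             # every priority
        elif pri.startswith("="):
            mask |= 1 << PRI[pri[1:]]               # exactly this priority
        else:
            mask |= (1 << (PRI[pri] + 1)) - 1       # this priority and more severe
    return mask

def destinations(conf, facility, priority):  # actions a message is written to
    bit = 1 << PRI[priority]
    return [act for sel, act in rules(conf) if mask_for(sel, facility) & bit]
```

destinations(POSTED_CONF, "kern", "warning") returns four files, which is why logged packets appear in several places under /var/log/. Because a bare priority means that level and everything more severe, the *.debug rule also writes every other facility's messages into firewall.log.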

Replies

Subject Author
Re: [gentoo-user] what is the best strategy for using sysklogd with iptables? Iain Buchanan <iaindb@××××××××××××.au>