FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 06-19-2008, 05:16 AM
JW
 
Default correct "Debian" way to log iptables to seperate file

Hello,

Iptables is annoying me by:

1) printing logs to the console

2) filling my /var/log/messages up with the same logs, which then get picked
up and uselessly emailed to me by logcheck and logwatch.

Of course all the logging is controlled by syslog, not iptables.

What I really want is for those logs (which are not worthy of
their "kernel.warning" status) to go to their own file.

Google searching has turned up dozens of possible options, all of which seem
like rather untidy hacks.

What's the "right" way to do it?

JW


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-19-2008, 06:53 AM
Ron Johnson
 
Default correct "Debian" way to log iptables to seperate file

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/19/08 00:16, JW wrote:
> Hello,
>
> Iptables is annoying me by:
>
> 1) printing logs to the console
>
> 2) filling my /var/log/messages up with the same logs, which then get picked
> up and uselessly emailed to me by logcheck and logwatch.
>
> Of course all the logging is controlled by syslog, not iptables.
>
> What I really want is for those logs (which are not worthy of
> their "kernel.warning" status) to go to their own file.
>
> Google searching has turned up dozens of possible options, all of which seem
> like rather untidy hacks.
>
> What's the "right" way to do it?

Use the system logger. You're probably using the default, sysklogd,
and it's control file /etc/syslog.conf.

So, study up on it, particularly "$ man 5 syslog.conf", and Google
from there.

- --
Ron Johnson, Jr.
Jefferson LA USA

"Kittens give Morbo gas. In lighter news, the city of New New
York is doomed."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhaAoQACgkQS9HxQb37Xmd3qgCgn2vSvqQwL+ o6kp10fc3oFxhT
Mo0AoLO/8rX4K5vP+nL98YL04re7NKVl
=1oS0
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-19-2008, 07:05 AM
martin f krafft
 
Default correct "Debian" way to log iptables to seperate file

also sprach JW <jw@mailsw.com> [2008.06.19.0716 +0200]:
> Iptables is annoying me by:
>
> 1) printing logs to the console
>
> 2) filling my /var/log/messages up with the same logs, which then
> get picked up and uselessly emailed to me by logcheck and
> logwatch.

So remove the rules that jump to the LOG chain.

I assume you're using some sort of "firewall" tool which generates
those. You ought to look there for the problem and then hit the
maintainer with the cluebat.

> What I really want is for those logs (which are not worthy of
> their "kernel.warning" status) to go to their own file.

Check out syslog-ng, which can do filtering based on line
content/regexps.

PS: nothing Debian-specific in this at all...

--
.'`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems

"'the answer to the great question...'
'of life, the universe and everything...' said deep thought.
'is...' said deep thought, and paused.
'is...'
'forty-two,' said deep thought, with infinite majesty and calm."
-- hitchhiker's guide to the galaxy
 
Old 06-19-2008, 07:26 AM
Alex Samad
 
Default correct "Debian" way to log iptables to seperate file

On Thu, Jun 19, 2008 at 12:16:15AM -0500, JW wrote:
> Hello,
>
> Iptables is annoying me by:
>
> 1) printing logs to the console
>
> 2) filling my /var/log/messages up with the same logs, which then get picked
> up and uselessly emailed to me by logcheck and logwatch.
>
> Of course all the logging is controlled by syslog, not iptables.
>
> What I really want is for those logs (which are not worthy of
> their "kernel.warning" status) to go to their own file.
>
> Google searching has turned up dozens of possible options, all of which seem
> like rather untidy hacks.
>
> What's the "right" way to do it?

iptables LOG messages come from kernel: if you want to keep using
syslogd, then you need to change all your LOG rules to ULOG (install
ulogd) which gives you more options files, syslog, DB etc

>
> JW
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

--
"The Iraqis need to be very much involved. They were the people that was brutalized by this man."

- George W. Bush
12/15/2003
Washington, DC
 

Thread Tools




All times are GMT. The time now is 07:58 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org