correct "Debian" way to log iptables to separate file
Hello,
Iptables is annoying me by:
1) printing logs to the console
2) filling my /var/log/messages up with the same logs, which then get picked
up and uselessly emailed to me by logcheck and logwatch.
Of course all the logging is controlled by syslog, not iptables.
What I really want is for those logs (which are not worthy of
their "kernel.warning" status) to go to their own file.
Google searching has turned up dozens of possible options, all of which seem
like rather untidy hacks.
What's the "right" way to do it?
JW
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
06-19-2008, 06:53 AM
Ron Johnson
correct "Debian" way to log iptables to separate file
On 06/19/08 00:16, JW wrote:
> Hello,
>
> Iptables is annoying me by:
>
> 1) printing logs to the console
>
> 2) filling my /var/log/messages up with the same logs, which then get picked
> up and uselessly emailed to me by logcheck and logwatch.
>
> Of course all the logging is controlled by syslog, not iptables.
>
> What I really want is for those logs (which are not worthy of
> their "kernel.warning" status) to go to their own file.
>
> Google searching has turned up dozens of possible options, all of which seem
> like rather untidy hacks.
>
> What's the "right" way to do it?
Use the system logger. You're probably using the default, sysklogd,
and its control file /etc/syslog.conf.
So, study up on it, particularly "$ man 5 syslog.conf", and Google
from there.
--
Ron Johnson, Jr.
Jefferson LA USA
"Kittens give Morbo gas. In lighter news, the city of New New
York is doomed."
06-19-2008, 07:05 AM
martin f krafft
correct "Debian" way to log iptables to separate file
also sprach JW <jw@mailsw.com> [2008.06.19.0716 +0200]:
> Iptables is annoying me by:
>
> 1) printing logs to the console
>
> 2) filling my /var/log/messages up with the same logs, which then
> get picked up and uselessly emailed to me by logcheck and
> logwatch.
So remove the rules that jump to the LOG chain.
I assume you're using some sort of "firewall" tool which generates
those. You ought to look there for the problem and then hit the
maintainer with the cluebat.
> What I really want is for those logs (which are not worthy of
> their "kernel.warning" status) to go to their own file.
Check out syslog-ng, which can do filtering based on line
content/regexps.
PS: nothing Debian-specific in this at all...
--
.'`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems
"'the answer to the great question...'
'of life, the universe and everything...' said deep thought.
'is...' said deep thought, and paused.
'is...'
'forty-two,' said deep thought, with infinite majesty and calm."
-- hitchhiker's guide to the galaxy
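An added example, not from any poster in this thread: the content-based split that a regexp filter performs on these lines, shown in Python over constructed sample lines. The prefix `IPT-DROP: ` is an assumption standing in for whatever the LOG rules set with `--log-prefix`; unprefixed rules are still caught by the `IN=`/`OUT=` fields every LOG line carries.

```python
import re

# Assumed prefix, as a LOG rule would set with --log-prefix (not from the thread).
LOG_PREFIX = "IPT-DROP: "

# Syslog header: timestamp, host, "kernel:" tag, optional "[uptime]" stamp, message.
HEADER = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\skernel:\s(?:\[\s*[\d.]+\]\s)?(?P<msg>.*)$"
)
# Every netfilter LOG line carries IN= and OUT=, even when no prefix is set.
NETFILTER = re.compile(r"\bIN=\S*\sOUT=\S*\s")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def classify(line):
    """Return 'firewall', 'kernel' or 'other' for one syslog line."""
    m = HEADER.match(line)
    if not m:
        return "other"          # not tagged as a kernel message at all
    msg = m.group("msg")
    if msg.startswith(LOG_PREFIX) or NETFILTER.search(msg):
        return "firewall"
    return "kernel"             # genuine kernel message, keep in the main log


def fields(line):
    """Extract the KEY=value pairs (SRC, DST, PROTO, DPT, ...) of a LOG line."""
    m = HEADER.match(line)
    return dict(FIELD.findall(m.group("msg"))) if m else {}


def split(lines):
    """Sort lines into the three streams a filtering logger would write."""
    out = {"firewall": [], "kernel": [], "other": []}
    for line in lines:
        out[classify(line)].append(line)
    return out


# Constructed sample lines (documentation addresses, made-up host name).
SAMPLE = [
    "Jun 19 00:10:01 gw kernel: [ 1234.567890] IPT-DROP: IN=eth0 OUT= "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 DF PROTO=TCP SPT=51234 DPT=23 SYN",
    "Jun 19 00:10:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 "
    "LEN=40 PROTO=UDP SPT=4000 DPT=137",
    "Jun 19 00:10:03 gw kernel: [ 1240.000001] eth0: link up, 100Mbps",
    "Jun 19 00:10:04 gw sshd[812]: Accepted publickey for jw from 192.0.2.50",
]

if __name__ == "__main__":
    for stream, lines in split(SAMPLE).items():
        print(stream, len(lines))
```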
06-19-2008, 07:26 AM
Alex Samad
correct "Debian" way to log iptables to separate file
On Thu, Jun 19, 2008 at 12:16:15AM -0500, JW wrote:
> Hello,
>
> Iptables is annoying me by:
>
> 1) printing logs to the console
>
> 2) filling my /var/log/messages up with the same logs, which then get picked
> up and uselessly emailed to me by logcheck and logwatch.
>
> Of course all the logging is controlled by syslog, not iptables.
>
> What I really want is for those logs (which are not worthy of
> their "kernel.warning" status) to go to their own file.
>
> Google searching has turned up dozens of possible options, all of which seem
> like rather untidy hacks.
>
> What's the "right" way to do it?
iptables LOG messages come from the kernel: if you want to keep using
syslogd, then you need to change all your LOG rules to ULOG (install
ulogd), which gives you more options: files, syslog, DB, etc.
>
> JW
>
>
--
"The Iraqis need to be very much involved. They were the people that was brutalized by this man."