Old 01-22-2009, 04:43 PM
Guillaume
 
problem with syslog

Hi,
I use personalized ipfilters and I want to log dropped packets to a dedicated file in /var/log by using syslog.
I've done some part of the configuration but the iptables messages are not written in the file I want. They're displayed on console only...

You can see below the command I issue to get this behavior.

#for iptables
#in a user-defined chain called for each packet I want to filter
iptables -A LOG_AND_DROP -m limit --limit 10/minute -j LOG --log-level info --log-prefix "[IPTABLES DROP]: "

#my syslog.conf#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log
uucp.*                          /var/log/uucp.log
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages
*.emerg                         *
daemon.*;mail.*;\
        news.crit;news.err;news.notice;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole
kern.=info                      /var/log/firewall
#eof#

The /var/log/kern.log is not populated either! And no reference to 'console' can be seen here.
So, why are messages displayed on the console?


Thanks for your help | answers | time
--
Guillaume
 
Old 02-03-2009, 02:35 PM
"Barclay, Daniel"
 
Re: problem with syslog

Guillaume wrote:
> Hi,
> I use personalized ipfilters and I want to log dropped packet to a
> dedicated file in /var/log by using syslog.
...
>
> #for iptables
> #in a user define chain called for each packet i want to filter
> iptables -A LOG_AND_DROP -m limit --limit 10/minute -j LOG --log-level
> info --log-prefix "[IPTABLES DROP]: "
>
> #my syslog.conf#
...              /var/log/auth.log
> *.*;auth,authpriv.none          -/var/log/syslog
...
> #eof#
>
> The /var/log/kern.log is not populated too !



I'd suggest checking whether you see your iptables messages in /var/log/syslog.

If not, then maybe your iptables rule isn't getting executed. You might try putting a rule with -j LOG first on a chain to make sure it's being executed. Then maybe you can identify whether the problem is in the logging side (logging from iptables to syslogd and from syslogd to files) or is in your iptables setup.

Daniel

--

(Plain text sometimes corrupted to HTML "courtesy" of Microsoft Exchange.) [F]
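
To help separate the "syslogd to files" part of the path from the rest, as suggested in the reply above, here is an added example (not part of either post) that models how the selectors in the posted syslog.conf route a kern.info message, which is what `-j LOG --log-level info` emits. The matching rules are a simplified model of sysklogd's selector semantics, and the function and variable names are hypothetical.

```python
# Simplified model of sysklogd selector matching ("!" negation not handled).
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

# Subset of the posted rules, continuation lines joined (constructed input).
CONF = """\
auth,authpriv.*  /var/log/auth.log
*.*;auth,authpriv.none  -/var/log/syslog
daemon.*  -/var/log/daemon.log
kern.*  -/var/log/kern.log
*.=debug;auth,authpriv.none;news.none;mail.none  -/var/log/debug
*.=info;*.=notice;*.=warn;auth,authpriv.none;cron,daemon.none;mail,news.none  -/var/log/messages
*.emerg  *
daemon.*;mail.*;news.crit;news.err;news.notice;*.=debug;*.=info;*.=notice;*.=warn  |/dev/xconsole
kern.=info  /var/log/firewall
"""

def build_masks(selector):
    """Return {facility: set of priorities} accepted by one selector field."""
    masks = {f: set() for f in FACILITIES}
    for part in selector.split(";"):
        facs, _, pri = part.strip().rpartition(".")
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if pri == "none":
                masks[fac] = set()                  # cancels earlier matches
            elif pri == "*":
                masks[fac] = set(PRIORITIES)
            elif pri.startswith("="):
                masks[fac].add(ALIASES.get(pri[1:], pri[1:]))  # exactly this one
            else:
                name = ALIASES.get(pri, pri)        # this priority or more severe
                masks[fac] |= set(PRIORITIES[:PRIORITIES.index(name) + 1])
    return masks

def destinations(facility, priority, conf=CONF):
    """List the actions that would receive a facility.priority message."""
    out = []
    for line in conf.splitlines():
        selector, action = line.split(None, 1)
        if priority in build_masks(selector)[facility]:
            out.append(action.strip())
    return out

if __name__ == "__main__":
    # iptables "-j LOG --log-level info" is logged by the kernel as kern.info
    for dest in destinations("kern", "info"):
        print(dest)
```

Under this model the selectors do cover kern.info for /var/log/syslog, /var/log/kern.log and /var/log/firewall, so empty files point at a step before selector matching: the rule not being hit, or the messages not reaching syslogd.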
 
