On Tue, Jun 24, 2003 at 09:26:32AM -0400, Robert L. Harris wrote:
>
> Looking at the docs for iptables you can specify log Level (auth,
> crit, etc) but I don't see a way of specifying a "facility" such as
> local1. I'd like to put all my iptables output logs into a specific
> file I can dig through easier than my messages file. Messing with
> loglevels could work but has potential to get very ugly if it makes me
> miss important messages I need otherwise.
>
> Any ideas?
> Robert

iptables does not have any way to specify the logging facility, only the
priority. Install the "ulogd" package (userspace logging daemon) and
then use the ULOG target instead of LOG. Example:

    $IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags ALL FIN,URG,PSH -m limit \
        --limit 5/minute -j ULOG --ulog-prefix "NMAP-XMAS: "

Read the iptables manpage to see the options for the ULOG target. I
didn't specify a netlink group because iptables and ulogd both default
to 1. Read the ulogd manpage also.

As of about a week ago, the ulogd package in sarge/testing was not
working for me. The daemon would run but nothing ever got printed to my
log file. Installing the sid/unstable package solved this problem.

If you edit /etc/ulogd.conf you can set the name of the log file to
something meaningful like /var/log/iptables.log

Enjoy!

- Joe
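
Added example, not part of the message above: once the ULOG records land in a dedicated file such as /var/log/iptables.log, a short Python script can group them by rule prefix and source address. It assumes the file holds syslog-style lines in the kernel LOG target's field layout; the sample lines, addresses and the SSH-DROP prefix are constructed.

```python
import re
from collections import defaultdict

# Constructed sample, assumed to mirror what lands in /var/log/iptables.log.
# Addresses are documentation ranges; the SSH-DROP prefix is hypothetical.
SAMPLE_LOG = """\
Jun 24 09:31:02 fw NMAP-XMAS: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=4242 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jun 24 09:31:02 fw NMAP-XMAS: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=4243 PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jun 24 09:40:17 fw NMAP-XMAS: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TTL=48 ID=99 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=512 RES=0x00 URG PSH FIN URGP=0
Jun 24 09:41:00 fw SSH-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=7 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 24 09:41:05 fw line that is not a packet record
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prefix>.*?)\s*(?P<fields>IN=.*)$"
)
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_line(line):
    """Return a dict for one packet record, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"], "flags": set()}
    for tok in m["fields"].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        elif tok in TCP_FLAGS:  # other bare tokens such as DF are ignored
            rec["flags"].add(tok)
    return rec


def summarize(text, prefix="NMAP-XMAS:"):
    """Group records carrying `prefix` by source: hit count and ports seen."""
    out = defaultdict(lambda: {"hits": 0, "ports": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["prefix"] == prefix:
            out[rec["SRC"]]["hits"] += 1
            out[rec["SRC"]]["ports"].add(int(rec["DPT"]))
    return {src: (v["hits"], sorted(v["ports"])) for src, v in out.items()}


if __name__ == "__main__":
    for src, (hits, ports) in summarize(SAMPLE_LOG).items():
        print(f"{src}: {hits} packets, ports {ports}")
```

Because each rule gets its own --ulog-prefix, the same function separates rules by passing a different `prefix` value.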