I would like to log iptables -j LOG to something like local5 rather than to
messages. However, based on my reading of the doco I do not see a way to
change the logging facility for iptables.

The iptables man talks about a -j ULOG. However, searches for information on
how to use it (with specific examples) have met with no success. I have found
a program called ulogd which supposedly will allow one to use ULOG to log
packets to a plaintext file or mysql. Efforts to do a make on it have also met
with no success. Evidently, the components needed to support ULOG in iptables
were not included in the kernel on the CDs?

Here are the error messages:

[EMAIL PROTECTED] ulogd-1.00]$ make
make[1]: Entering directory `/home/admin/rpms/BUILD/ulogd-1.00/conffile'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/admin/rpms/BUILD/ulogd-1.00/conffile'
make[1]: Entering directory `/home/admin/rpms/BUILD/ulogd-1.00/libipulog'
gcc -g -O2   -DULOGD_CONFIGFILE=\"/usr/local/etc/ulogd.conf\"
-I/usr/src/linux/include -Iinclude -I/usr/src/linux/include -c libipulog.c -o
libipulog.o
In file included from libipulog.c:32:
include/libipulog/libipulog.h:15:43: linux/netfilter_ipv4/ipt_ULOG.h: No such
file or directory
In file included from libipulog.c:32:
include/libipulog/libipulog.h:34: parse error before '*' token
include/libipulog/libipulog.h:36: warning: data definition has no type or
storage class
libipulog.c: In function `ipulog_create_handle':
libipulog.c:154: `NETLINK_NFLOG' undeclared (first use in this function)
libipulog.c:154: (Each undeclared identifier is reported only once
libipulog.c:154: for each function it appears in.)
libipulog.c: At top level:
libipulog.c:204: parse error before '*' token
make[1]: *** [libipulog.o] Error 1
make[1]: Leaving directory `/home/admin/rpms/BUILD/ulogd-1.00/libipulog'
make: *** [recurse] Error 1

[EMAIL PROTECTED] ulogd-1.00]$ locate ipt_ulog.h

[EMAIL PROTECTED] ulogd-1.00]$ locate ulog

Anyone have any ideas on how I can get the -j LOG action to put the results in
/var/log/packets rather than as kernel in /var/log/messages?

Thanks.

Mike





-- 
Psyche-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/psyche-list
