OK, I'm going crazy here trying to get iptables to log packets to a file called /var/log/kern.info.
I've got these rules at the beginning of my chains:
iptables -A INPUT --source 0.0.0.0/0 --destination 0.0.0.0/0 \
-j LOG --log-level info --log-prefix 'INPUT packet ' \
--log-tcp-options --log-ip-options
iptables -A OUTPUT --source 0.0.0.0/0 --destination 0.0.0.0/0 \
-j LOG --log-level info --log-prefix 'OUTPUT packet ' \
--log-tcp-options --log-ip-options
And this line in my /etc/syslog.conf:
kern.=info -/var/log/kern.info
But /var/log/kern.info is empty:
-rw-r----- 1 root adm 0 Jul 30 10:04 /var/log/kern.info
I've stopped and started /etc/init.d/sysklogd and /etc/init.d/klogd
multiple times (and in various orders), as well as re-running iptables.
I've also tried deleting /var/log/kern.info, changing it's ownership
and permissions, and all combinations of these things. But still the
file remains empty.
I know the configuration files are correct, because I got it working
earlier, and iptables is logging stuff to wherever 'dmesg' reads from.
But ever since I decided to clear /var/log/kern.info by deleting it
and touching it, I can't get sysklogd to put stuff into the file.
What am I missing? And what is the right procedure to clear a log
without causing sysklogd / klogd to choke?
Thanks,
Chris
--
Christopher S. Swingley 930 Koyukuk Drive
System / Network Manager University of Alaska Fairbanks
IARC -- Frontier Program Fairbanks, AK 99775
phone: 907-474-2689 fax: 907-474-2643
email: [EMAIL PROTECTED] GNUPG and PGP2 keys at my web site
web: http://www.frontier.iarc.uaf.edu/~cswingle
pgpg5CObSTjcs.pgp
Description: PGP signature
