OK, I'm going crazy here trying to get iptables to log packets to a
file called /var/log/kern.info.

I've got these rules at the beginning of my chains:

    iptables -A INPUT --source 0.0.0.0/0 --destination 0.0.0.0/0 \
        -j LOG --log-level info --log-prefix 'INPUT packet ' \
        --log-tcp-options --log-ip-options
    iptables -A OUTPUT --source 0.0.0.0/0 --destination 0.0.0.0/0 \
        -j LOG --log-level info --log-prefix 'OUTPUT packet ' \
        --log-tcp-options --log-ip-options

And this line in my /etc/syslog.conf:

    kern.=info                      -/var/log/kern.info

But /var/log/kern.info is empty:

    -rw-r-----    1 root     adm    0 Jul 30 10:04 /var/log/kern.info

I've stopped and started /etc/init.d/sysklogd and /etc/init.d/klogd
multiple times (and in various orders), as well as re-running iptables.
I've also tried deleting /var/log/kern.info, changing its ownership
and permissions, and all combinations of these things.  But still the
file remains empty.

I know the configuration files are correct, because I got it working
earlier, and iptables is logging stuff to wherever 'dmesg' reads from.
But ever since I decided to clear /var/log/kern.info by deleting it
and touching it, I can't get sysklogd to put stuff into the file.

What am I missing?  And what is the right procedure to clear a log
without causing sysklogd / klogd to choke?

Thanks,

Chris
-- 
Christopher S. Swingley         930 Koyukuk Drive
System / Network Manager        University of Alaska Fairbanks
IARC -- Frontier Program        Fairbanks, AK 99775

phone: 907-474-2689             fax: 907-474-2643
email: [EMAIL PROTECTED]    GNUPG and PGP2 keys at my web site
  web: http://www.frontier.iarc.uaf.edu/~cswingle
