On Wed, Apr 24, 2002 at 10:36:27 +0200, Tim Dijkstra wrote:
> Hi,
>
> I was wondering if I could get iptables to log to a separate log file
> instead of /var/log/messages. When I am working on my firewall
> /var/log/messages sometimes gets flooded with messages...
>
> I understand that iptables uses the 'kern' syslog facility, does this
> mean I can't separate it from the rest of the kernel messages? Or is
> there maybe some hack/config option to get iptables to use something
> else...
>

Ok, one way of doing this is to set the log-level in your logging chains
and then configure syslog to log entries for that level to a separate file.

For example, you would have a logging chain like:

    $IPTABLES -N logdrop
    $IPTABLES -A logdrop -j LOG --log-level 4 --log-prefix "Log_Drop"
    $IPTABLES -A logdrop -j DROP

And then you edit /etc/syslog.conf and append the following line:

    kern.=warning	-/var/log/firewall.log

(Nb. line up with tabs)

Then the firewall will log to /var/log/firewall.log as well as syslog.

The other possibility is to look into the ulog target. This may give
more configurability, but I haven't used it yet.

Cheers.

Mark.
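The selector matching that the reply relies on, as an added example that is not part of the original message: it decodes the `<PRI>` tag on kernel messages and shows that `kern.=warning` picks up every kernel warning, so the `Log_Drop` prefix is what identifies the firewall entries inside the new file. The helper names (`selects`, `filter`, `sample_lines`) and the sample lines are constructed for illustration, and classic syslogd selector semantics are assumed.

```shell
#!/bin/sh
# Added example: which kernel messages a syslog.conf selector picks up.
# PRI = facility * 8 + severity; kern is facility 0, warning is severity 4,
# so "-j LOG --log-level 4" produces messages tagged <4>.

# Constructed sample input: messages with their <PRI> tag.
sample_lines() {
cat <<'EOF'
<4>Log_DropIN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=23
<6>eth0: link up
<4>constructed non-firewall kernel warning
<3>constructed kernel error
<4>Log_DropIN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=UDP SPT=5353 DPT=161
<38>constructed auth.info message from another facility
EOF
}

# selects PRI FACILITY MODE SEVERITY (hypothetical helper)
#   exact   : "facility.=severity"  (that severity only)
#   atleast : "facility.severity"   (that severity and anything more severe)
selects() {
    pri=$1; fac=$2; mode=$3; sev=$4
    [ $((pri / 8)) -eq "$fac" ] || return 1
    s=$((pri % 8))
    case $mode in
        exact)   [ "$s" -eq "$sev" ] ;;
        atleast) [ "$s" -le "$sev" ] ;;
        *)       return 2 ;;
    esac
}

# filter MODE: print the sample lines that kern.[=]warning would write out.
filter() {
    sample_lines | while IFS= read -r line; do
        p=${line#"<"}; p=${p%%">"*}
        if selects "$p" 0 "$1" 4; then printf '%s\n' "$line"; fi
    done
}

echo "kern.=warning selects:"; filter exact
echo "kern.warning selects:";  filter atleast
echo "of the kern.=warning lines, firewall entries (prefix Log_Drop):"
filter exact | grep -c 'Log_Drop'
```

Dropping the `=` from the selector would also send more severe kernel messages (err, crit and above) to the firewall file.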