Hi,

Here is what I did. Please note: this is probably not appropriate for a professional/production/multi-user system. I run Debian as a software development platform w/ Firestarter to manage IPTables.

Firestarter causes IPTables to log messages related to various DoS attacks. It then instructs IPTables to disable traffic from the associated IP address. So, it's not entirely appropriate to disable logging entirely.

IPTables logging is controlled by Firestarter in the /etc/firestarter/configuration file. The shell variable "LOG_LEVEL" is transmitted to IPTables; which level is then used as the SYSLOG message level.

-> LOG_LEVEL=debug

Modify /etc/syslog.conf to log kern.debug messages to /dev/null on the theory that important messages shouldn't be written at debug level. If I really need to be seeing these messages, I'll probably be disconnected from the net. That's my theory and I'm sticking to it.

-> kern.debug -/dev/null

However, I obviously do not want to discard /all/ kernel messages.

-> kern.info -/var/log/syslog

I still think this is rather ham-handed. The difficulty (IMNSHO) stems from the lack of granularity below the facility level. In other words, I can't (AFAIK) specifically log kern.iptables to its own file.

Cheers,
jec
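Added example, not part of the original message: a small Python model of how a classic syslogd evaluates the two syslog.conf lines quoted above, where "facility.priority" matches that priority and anything more severe. The function names are made up for this sketch, the sample priorities are constructed, and ";"-joined selectors and "!" negation are not modelled.

```python
# Added example: models classic sysklogd-style selector matching.
# Assumption: "facility.priority" means "this priority or more severe".
SEVERITY = ["emerg", "alert", "crit", "err",
            "warning", "notice", "info", "debug"]  # most to least severe

# The two rules from the message, as (selector, action) pairs.
RULES = [("kern.debug", "-/dev/null"),
         ("kern.info", "-/var/log/syslog")]

def selector_matches(selector, facility, priority):
    """Return True if one 'facility.priority' selector matches a message."""
    sel_fac, sel_pri = selector.split(".", 1)
    if sel_fac != "*" and facility not in sel_fac.split(","):
        return False
    if sel_pri == "none":
        return False
    if sel_pri == "*":
        return True
    if sel_pri.startswith("="):          # "=info" matches info only
        return priority == sel_pri[1:]
    # A lower index is more severe, so the message must rank at or above it.
    return SEVERITY.index(priority) <= SEVERITY.index(sel_pri)

def destinations(rules, facility, priority):
    """Every action whose selector matches; all matching rules fire."""
    return [action.lstrip("-")           # leading '-' only disables sync
            for selector, action in rules
            if selector_matches(selector, facility, priority)]

def kept_on_disk(rules, facility, priority):
    """Destinations that actually retain the message."""
    return [d for d in destinations(rules, facility, priority)
            if d != "/dev/null"]

if __name__ == "__main__":
    # Constructed sample: netfilter LOG entries arrive as kern.debug when
    # LOG_LEVEL=debug; other kernel messages arrive at info or above.
    for pri in ("debug", "info", "warning", "crit"):
        print(f"kern.{pri:8} -> {kept_on_disk(RULES, 'kern', pri) or 'discarded'}")
```

kern.debug matches every kernel message, so each one is also written to /dev/null; only the kern.info rule decides what is retained, which is why debug-level firewall entries vanish while info and above still reach /var/log/syslog.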