On 21:44 Fri 25 Jul , [EMAIL PROTECTED] wrote: > I would like to have those messages logged in a specific log file > (let's say, /var/log/firewall) instead of the more general log > file /var/log/messages (with sysklogd). > > An instance of such messages is: > > Jul 25 20:58:30 [kernel] IN=ppp0 OUT= MAC= SRC=66.98.32.141 > DST=200.170.180.164 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=50883 DF > PROTO=TCP SPT=15407 DPT=5614 WINDOW=32768 RES=0x00 SYN URGP=0
Iptables lets you specify the log level for packet logging. But if you want to be sure that your dropped packets are the only messages showing up in a file, I think the best way is to emerge syslog-ng. Syslog-ng lets you redirect messages to different files based on their content. You could use '--log-prefix firewall' in your iptables rules and match against "firewall" in your syslog-ng.conf. Regards Raimar Sandner -- [EMAIL PROTECTED] mailing list