Hello,
I'm using iptables 1.2.3 and I'm confused with the way '--log-level' works.
According to the iptables(8) man it can take numeric arguments. I assume
these numeric arguments are 1 to 8 (c.q debug to emerg) as specified in the
syslog.conf man:

    The priority is one of the following keywords, in ascending order:
    debug, info, notice, warning, warn (same as warning), err, error (same as
    err), crit, alert, emerg, panic (same as emerg). The keywords error, warn
    and panic are deprecated and should not be used anymore. The priority defines
    the severity of the message

I conclude from this, emphasizing the ascending order note, that "debug"
should be '--log-level 1', "info" should be '--log-level 2' etcetera. This
makes "warning" '--log-level 7'. However, after experimenting a bit with
the --log-level argument in my iptables rules I come to the conclusion that
when I specify '--log-level 1' it logs to syslog as priority "warning", and
not as priority "debug" as I thought it would and as it should according
to my previous interpretation of both man pages.
Likely it's me who's got it all wrong, or it's the numeric argument to iptables'
'--log-level' that differs from the order in which the priorities are mentioned
in the syslog.conf(5) man.
I'd greatly appreciate an explanation.
Yours sincerely,
3b.
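
For reference, an added example that is not part of the original post: syslog numbers its severities from 0 (emerg) to 7 (debug), so the most severe level has the lowest number, and a classic syslog.conf selector such as 'kern.warning' matches that severity and every more severe one. The function names are illustrative, and the selector handling assumes sysklogd-style semantics and covers only the bare keyword, '=keyword' and '*' forms.

```python
# Added example: syslog severity numbers and classic syslog.conf selector matching.
# Function names are illustrative; sample values are constructed.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}  # deprecated names


def severity_number(level):
    """Return the numeric severity (0..7) for a keyword or a numeric string."""
    text = str(level).strip().lower()
    if text.isdigit():
        number = int(text)
        if number > 7:
            raise ValueError(f"severity out of range: {level!r}")
        return number
    name = ALIASES.get(text, text)
    if name not in SEVERITIES:
        raise ValueError(f"unknown severity: {level!r}")
    return SEVERITIES.index(name)


def selector_matches(selector_priority, message_level):
    """Would a selector priority ('warning', '=warning', '*') pick up a message?

    A bare keyword matches that severity and every more severe one, i.e. every
    numerically smaller or equal value; a leading '=' restricts it to one level.
    """
    if selector_priority == "*":
        return True
    exact = selector_priority.startswith("=")
    wanted = severity_number(selector_priority.lstrip("="))
    got = severity_number(message_level)
    return got == wanted if exact else got <= wanted


def levels_matched(selector_priority):
    """List the numeric --log-level values a selector priority would catch."""
    return [n for n in range(8) if selector_matches(selector_priority, n)]


if __name__ == "__main__":
    # One row per numeric --log-level value, checked against two selectors.
    for n, name in enumerate(SEVERITIES):
        print(f"--log-level {n} = {name:8} kern.warning: {selector_matches('warning', n)}"
              f"  kern.=warning: {selector_matches('=warning', n)}")
```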
