Hi Roland.
I think netfilter logs are under the facility 'kern' and priority 'warn' in
syslog. But I may be mistaken.
You can start with the line:
    kern.warn /var/log/iptables
added to your /etc/syslog.conf and see if your iptables logs go there. Of
course you have to restart syslogd after editing the config file.
For more info on logging in Linux, please see the syslog.conf manual (man
syslog.conf).
You can prepend the filename with a - (minus sign) like -/var/log/iptables
especially if you are logging quite a large number of connections.
On rotating log files, this is done quite differently across distributions. But
if you have an /etc/logrotate.d/ directory, then you must be using the logrotate
package.
Just create a file under /etc/logrotate.d with filename 'iptables' (it can be
any filename you want) that contains:
/var/log/iptables {
    daily
    missingok
    compress
    rotate 7
    create 600 root root
}
That will cause your logfile to rotate daily and keep a week's worth of
compressed logs that can only be read by root.
See 'man logrotate' for more options.
HTH.
Gari
Quoting linux board <[EMAIL PROTECTED]>:
> Hi Linux Gurus,
>
> Can you help me with my slight concern here:
> I want to put a logging on my iptables that will go to a particular
> directory/folder, e.g. (/var/log/iptables). I tried to enable it on the
> iptables but it will go through default directory (/var/log/messages).
> Here's my sample script from iptables:
> <! snip> IPTABLES -L
> LOG tcp -- anywhere 10.5.1.20 tcp dpt:http LOG level warning prefix `DROP_80'
> DROP tcp -- anywhere 10.5.1.20 tcp dpt:http
> LOG tcp -- anywhere 10.5.1.20 tcp dpt:ssh LOG level warning prefix `DROP_22'
> DROP tcp -- anywhere 10.5.1.20 tcp dpt:ssh
>
> Can you help me on this? Can it also be configured to log rotate daily? Please
> advise. Thanks
>
> Roland Fajardo
> SKY CABLENET
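
An added example (not part of the original message) that models the selector matching described in syslog.conf(5), to show which files receive a netfilter LOG line at level warning under the `kern.warn` rule from the reply and under a narrower rule set. The `/var/log/messages` rule, the `NARROWED` rule set and the function names are assumptions made for illustration.

```python
# Added example: models sysklogd selector matching as documented in syslog.conf(5).
PRIORITIES = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]
ALIASES = {"warning": "warn", "error": "err", "panic": "emerg"}

def _level(name):
    return PRIORITIES.index(ALIASES.get(name, name))

def selector_matches(selector, facility, priority):
    """True if a selector such as '*.info;mail.none' selects (facility, priority)."""
    sev, selected = _level(priority), False
    for part in selector.split(";"):            # later parts refine earlier ones
        facs, _, prio = part.strip().partition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue                            # part is about another facility
        if prio == "none":                      # facility.none: drop this facility
            selected = False
            continue
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "*":
            hit = True
        elif exact:
            hit = sev == _level(prio)           # '=': this priority only
        else:
            hit = sev <= _level(prio)           # default: this priority and above
        if hit:
            selected = not negate               # '!': exclude instead of include
    return selected

def route(rules, facility, priority):
    """syslogd writes a copy to every matching rule, not only the first."""
    return [dest for sel, dest in rules if selector_matches(sel, facility, priority)]

# Constructed rule sets. The /var/log/messages line is an assumed distro default.
AS_POSTED = [("*.info;mail.none", "/var/log/messages"),
             ("kern.warn", "/var/log/iptables")]
NARROWED = [("*.info;mail.none;kern.!=warn", "/var/log/messages"),
            ("kern.=warn", "/var/log/iptables")]

if __name__ == "__main__":
    # Constructed messages: an iptables LOG line at level warning, a kernel error,
    # and an ordinary daemon message. Selectors never see the DROP_80 prefix.
    for fac, pri in [("kern", "warning"), ("kern", "err"), ("daemon", "info")]:
        print(fac, pri, route(AS_POSTED, fac, pri), route(NARROWED, fac, pri))
```

Selectors match only on facility and priority, so any other kernel message at warning level lands in the same file as the DROP_80 and DROP_22 lines.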
Philippine Linux Users' Group (PLUG) Mailing List