On Saturday 07 September 2002 07:38 pm, Robert Canary wrote: > try adding > *.debug /var/log/debug.log
I tried that. It logs the firewall messages (plus some other things) to that file. But it still logs to /var/log/messages and it still logs to the screen. I don't actually want it to any additional places. I just want it to stop logging to the screen. > it is hard to tell which facility to capture, but since you have > debuggibg turned on I am guessing it should be in the .debug sub > facility. >From this firewall message: Sep 9 19:27:08 hostname kernel: Dropped: IN=eth0 OUT= MAC=00:05:xx:xx:xx:xx:00:00:77:95:6e:c6:08:00 SRC=24.68.18.131 DST=xx.xx.xx.xx LEN=78 TOS=0x00 PREC=0x00 TTL=125 ID=5039 PROTO=UDP SPT=137 DPT=137 LEN=58 It appears that it is the kernel facility that is being logged. This makes sense since it's a kernel module that does the filtering. >From this portion of my "iptables -L" command LOG all -- anywhere anywhere LOG level warning prefix `Dropped: it appears that it's logging with a priority of 'warning'. When I wrote that I was "debugging" my firewall, I was trying to figure out why it isn't working. For the time being, I am assuming it is because of an incorrect firewall rule. I added a rule to display every received packet so I can see what is being received and what is being dropped. I didn't actually modify syslog.conf to log any facilities at the debug level to do this. > > You might want to try creating a log file local1 thru local7 I don't think this will make any difference since the firewall rules seem to be logging using the kernel facility. ...Stephen -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list