Ah, thanks for the example. I wasn't thinking about using this approach so I could write to different files instead of just being able to pre-pend some sort of tag.
I had assumed you needed to LOG before ACCEPTING, but I can see that between these 2 actions, there really isn't a priority. Marco On Wed, Jan 19, 2011 at 10:55 AM, solarflow99 <[email protected]> wrote: > depends on the volume, its only writing to a text file. It does use > syslog, here's an example, hope it helps.. > > -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT > -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j LOG > --log-level 7 --log-prefix "**---- SSL Connection: " > > in the /etc/syslog.conf file: > > > #Log iptables stuff to iptables log > kern.7 /var/log/iptables > > > On Wed, Jan 19, 2011 at 8:35 AM, Marco Shaw <[email protected]> wrote: >> I'm looking at turning on iptables logging to capture most of the >> traffic hitting my RHEL4 and 5 servers. >> >> -Is anyone aware of the potential performance impacts of logging all >> traffic? (I know it depends on what level of traffic is involved, but >> I thought I'd ask.) >> -Does it involve syslog? >> -Is there any known issues with running log rotation on the logs? >> (Does iptables properly handle things when the current log file is >> removed to be rotated and compressed?) _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
