hmm, I pasted the wrong order of the lines, I think you do need log before accept.
On Wed, Jan 19, 2011 at 10:20 AM, Marco Shaw <[email protected]> wrote: > Ah, thanks for the example. I wasn't thinking about using this > approach so I could write to different files instead of just being > able to pre-pend some sort of tag. > > I had assumed you needed to LOG before ACCEPTING, but I can see that > between these 2 actions, there really isn't a priority. > > Marco > > On Wed, Jan 19, 2011 at 10:55 AM, solarflow99 <[email protected]> wrote: >> depends on the volume, its only writing to a text file. It does use >> syslog, here's an example, hope it helps.. >> >> -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT >> -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j LOG >> --log-level 7 --log-prefix "**---- SSL Connection: " >> >> in the /etc/syslog.conf file: >> >> >> #Log iptables stuff to iptables log >> kern.7 /var/log/iptables >> >> >> On Wed, Jan 19, 2011 at 8:35 AM, Marco Shaw <[email protected]> wrote: >>> I'm looking at turning on iptables logging to capture most of the >>> traffic hitting my RHEL4 and 5 servers. >>> >>> -Is anyone aware of the potential performance impacts of logging all >>> traffic? (I know it depends on what level of traffic is involved, but >>> I thought I'd ask.) >>> -Does it involve syslog? >>> -Is there any known issues with running log rotation on the logs? >>> (Does iptables properly handle things when the current log file is >>> removed to be rotated and compressed?) > > _______________________________________________ > rhelv5-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv5-list > _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
