Re: correct "Debian" way to log iptables to separate file

2008-06-19 Thread Alex Samad
On Thu, Jun 19, 2008 at 12:16:15AM -0500, JW wrote:
> Hello,
> 
> Iptables is annoying me by:
> 
> 1) printing logs to the console
> 
> 2) filling my /var/log/messages up with the same logs, which then get picked 
> up and uselessly emailed to me by logcheck and logwatch.
> 
> Of course all the logging is controlled by syslog, not iptables.
> 
> What I really want is for those logs (which are not worthy of 
> their "kernel.warning" status) to go to their own file.
> 
> Google searching has turned up dozens of possible options, all of which seem 
> like rather untidy hacks.
> 
> What's the "right" way to do it?

iptables LOG messages come from the kernel: if you want to keep using
syslogd, then you need to change all your LOG rules to ULOG (install
ulogd), which gives you more options: files, syslog, DB, etc.

> 
>   JW

-- 
"The Iraqis need to be very much involved. They were the people that was 
brutalized by this man."

- George W. Bush
12/15/2003
Washington, DC




Re: correct "Debian" way to log iptables to separate file

2008-06-19 Thread martin f krafft
also sprach JW <[EMAIL PROTECTED]> [2008.06.19.0716 +0200]:
> Iptables is annoying me by:
> 
> 1) printing logs to the console
> 
> 2) filling my /var/log/messages up with the same logs, which then
> get picked up and uselessly emailed to me by logcheck and
> logwatch.

So remove the rules that jump to the LOG chain.

I assume you're using some sort of "firewall" tool which generates
those. You ought to look there for the problem and then hit the
maintainer with the cluebat.

> What I really want is for those logs (which are not worthy of 
> their "kernel.warning" status) to go to their own file.

Check out syslog-ng, which can do filtering based on line
content/regexps.

PS: nothing Debian-specific in this at all...

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
 
"'the answer to the great question...'
 'of life, the universe and everything...' said deep thought.
 'is...' said deep thought, and paused.
 'is...'
 'forty-two,' said deep thought, with infinite majesty and calm."
 -- hitchhiker's guide to the galaxy
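
The content-based filtering with syslog-ng suggested in the reply above, sketched as an added example that is not part of the original thread. It assumes syslog-ng 3.x filter syntax, a source named `s_src` as in Debian's stock `/etc/syslog-ng/syslog-ng.conf` (older releases name it `s_all`), and a hypothetical destination path `/var/log/iptables.log`.

```conf
# Added example: route netfilter LOG lines to their own file with syslog-ng.
# Assumptions: the source name s_src and the path /var/log/iptables.log.

# Netfilter LOG lines arrive on the kern facility and always carry the
# fields IN=, OUT=, SRC= and DST= in that order, for example (constructed):
#   IN=eth0 OUT= MAC=... SRC=192.0.2.10 DST=192.0.2.1 LEN=60 ... PROTO=TCP SPT=40000 DPT=22
filter f_iptables {
    facility(kern) and message("IN=.* OUT=.* SRC=.* DST=");
};

destination d_iptables {
    file("/var/log/iptables.log");
};

# flags(final) stops further processing of matching messages, so they do not
# also reach /var/log/messages (and from there logcheck and logwatch).
# It only affects log statements that come later in the file, so this block
# has to be placed before the existing log statements.
log {
    source(s_src);
    filter(f_iptables);
    destination(d_iptables);
    flags(final);
};
```

This only changes where syslog-ng writes the messages; whether the kernel also prints them on the console is decided by the kernel's console log level, not by the syslog daemon.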




Re: correct "Debian" way to log iptables to separate file

2008-06-18 Thread Ron Johnson

On 06/19/08 00:16, JW wrote:
> Hello,
> 
> Iptables is annoying me by:
> 
> 1) printing logs to the console
> 
> 2) filling my /var/log/messages up with the same logs, which then get picked 
> up and uselessly emailed to me by logcheck and logwatch.
> 
> Of course all the logging is controlled by syslog, not iptables.
> 
> What I really want is for those logs (which are not worthy of 
> their "kernel.warning" status) to go to their own file.
> 
> Google searching has turned up dozens of possible options, all of which seem 
> like rather untidy hacks.
> 
> What's the "right" way to do it?

Use the system logger.  You're probably using the default, sysklogd,
and its control file /etc/syslog.conf.

So, study up on it, particularly "$ man 5 syslog.conf", and Google
from there.

-- 
Ron Johnson, Jr.
Jefferson LA  USA

"Kittens give Morbo gas.  In lighter news, the city of New New
York is doomed."



correct "Debian" way to log iptables to separate file

2008-06-18 Thread JW
Hello,

Iptables is annoying me by:

1) printing logs to the console

2) filling my /var/log/messages up with the same logs, which then get picked 
up and uselessly emailed to me by logcheck and logwatch.

Of course all the logging is controlled by syslog, not iptables.

What I really want is for those logs (which are not worthy of 
their "kernel.warning" status) to go to their own file.

Google searching has turned up dozens of possible options, all of which seem 
like rather untidy hacks.

What's the "right" way to do it?

JW

