Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. iptables>
  3. User
iptables logging
rfg at monkeys
Jul 29, 2001, 5:00 PM
Post #1 of 4 (663 views)
Permalink
I am new to iptables, and I have a trivia question...

Is there any easy way to arrange for the Linux iptables LOG target (or
some other user-defined target) to log stuff to the syslog security.*
facility, rather than to the kern.* facility?

If so, I'd really like to do that. It will make me a bit more comfortable
as I administer both FreeBSD and Linux systems. (On FreeBSD, firewall
logging goes to the security.*/auth.* facility.)
Re: iptables logging [ In reply to ]
aaz at webcapacity
Jul 29, 2001, 5:10 PM
Post #2 of 4 (657 views)
Permalink
piggybacking on Ronalds question, how do you specify the log file to log to
rather than everything going to messages?

----- Original Message -----
From: "Ronald F. Guilmette" <rfg@monkeys.com>
To: <netfilter@lists.samba.org>
Sent: Sunday, July 29, 2001 6:00 PM
Subject: iptables logging


>
> I am new to iptables, and I have a trivia question...
>
> Is there any easy way to arrange for the Linux iptables LOG target (or
> some other user-defined target) to log stuff to the syslog security.*
> facility, rather than to the kern.* facility?
>
> If so, I'd really like to do that. It will make me a bit more comfortable
> as I administer both FreeBSD and Linux systems. (On FreeBSD, firewall
> logging goes to the security.*/auth.* facility.)
>
>
Re: iptables logging [ In reply to ]
kakadu at earthlink
Jul 29, 2001, 5:21 PM
Post #3 of 4 (658 views)
Permalink
Mr. aaz, Mr. Guilmette,

To answer Mr. aaz's question, you can configure syslogd to route
kernel messages
to another file, or to another system if you like. To answer Mr.
Guilmette's question,
no. Not for the LOG target. However, the ULOG target, in combination
with ulogd (IIRC)
can log stuff to a different spot. LOG just uses printk(), and klogd
logs all printk()s
from the kernel with the kern.* facility.

Brad

aaz wrote:

> piggybacking on Ronalds question, how do you specify the log file to log to
> rather than everything going to messages?
>
> ----- Original Message -----
> From: "Ronald F. Guilmette" <rfg@monkeys.com>
> To: <netfilter@lists.samba.org>
> Sent: Sunday, July 29, 2001 6:00 PM
> Subject: iptables logging
>
>
>> I am new to iptables, and I have a trivia question...
>>
>> Is there any easy way to arrange for the Linux iptables LOG target (or
>> some other user-defined target) to log stuff to the syslog security.*
>> facility, rather than to the kern.* facility?
>>
>> If so, I'd really like to do that. It will make me a bit more comfortable
>> as I administer both FreeBSD and Linux systems. (On FreeBSD, firewall
>> logging goes to the security.*/auth.* facility.)
>>
>>
Re: iptables logging [ In reply to ]
rfg at monkeys
Jul 29, 2001, 6:10 PM
Post #4 of 4 (662 views)
Permalink
In message <02c301c1188c$069a0610$0200a8c0@SYSTEM>, you wrote:

>piggybacking on Ronalds question, how do you specify the log file to log to
>rather than everything going to messages?


Well, this is one that even I can answer...

The iptables logging messages are logged via the syslog daemon.

That daemon can be configured to send the log messages anywhere you want.

You need to read the man page for syslog.conf(5).

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal