_____
From: netfilter-admin@lists.netfilter.org [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of zze-KHOURY Jad FTRD/DMI/CAE
Sent: Friday, April 30, 2004 1:33 AM
To: netfilter@lists.netfilter.org
Subject: (no subject)

Hi,

I'm having some problems finding how to log ONLY iptables log messages to another file other than messages. So I made some changes in the "syslog.conf" file by adding:

kern.warning /var/log/firewall

since the default log level entry is "warning". But I still receive some messages other than the packets, from the kernel itself! How can I limit the input messages to only Netfilter packets? What should I change in the syslog.conf file if I don't want to receive Netfilter messages in this file?

Regards,
Jad


To isolate firewall log messages into a separate or dedicated file:

By default, netfilter logs to the kern.info syslog facility. This places all the firewall log messages into /var/log/messages along with all other kernel messages. This behavior is not exceedingly friendly for firewall log parsing and analysis. However, since the Linux kernel logs very little by default at the "debug" level, there is an easy solution. Follow these steps:

- Set the logging level to "debug" in the firewall script:
  LOG_LEVEL="debug"
- Place the LOG_LEVEL variable in the rule sets for all packets to be logged:
  -j LOG --log-level $LOG_LEVEL
- Tell syslog to log only kern.debug messages to the firewall log file:
  kern.=debug /var/log/iptables/iptables.log
- Tell syslog not to place firewall messages into /var/log/messages:
  *.*;kern.!=debug /var/log/messages
- Restart syslog:
  /etc/init.d/syslog restart
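The recipe above as a small shell script, added here as an example and not part of either message in the thread. It prints the iptables LOG rule and the sysklogd-style syslog.conf lines, and it simulates how the two selectors route raw kernel lines (the "<N>" priority prefix read from /proc/kmsg, where N is the level because the facility is always kern). It also shows the catch Jad ran into: the kern.=debug selector catches every debug-level kernel message, not only netfilter's, so the firewall file should be filtered by a log prefix rather than trusted as-is. The INPUT chain, the "IPT: " prefix, the file paths and the sample lines are all assumptions for the example; nothing here is applied to a live firewall, since that needs root.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumed: chain INPUT, the
# "IPT: " prefix, the paths below. Rules are printed, never applied.

LOG_LEVEL="debug"
LOG_PREFIX="IPT: "
FW_LOG="/var/log/iptables/iptables.log"

# The LOG rule for the firewall script. --log-prefix gives every netfilter
# line a marker that other kernel debug messages will not carry.
fw_log_rule() {
    printf 'iptables -A INPUT -j LOG --log-level %s --log-prefix "%s"\n' \
        "$LOG_LEVEL" "$LOG_PREFIX"
}

# syslog.conf lines (sysklogd syntax: selector, TAB, action).
# "kern.=debug" matches exactly level debug; "kern.!=debug" excludes it.
syslog_conf_lines() {
    printf 'kern.=debug\t%s\n' "$FW_LOG"
    printf '*.*;kern.!=debug\t/var/log/messages\n'
}

# Level of a raw kernel line. The "<N>" prefix is facility*8+level and the
# facility is 0 (kern), so N is the level; 7 is debug. A line with no prefix
# gets the kernel's default printk level, 4 (warning).
kern_level() {
    case "$1" in
        '<'[0-7]'>'*)
            _lvl=${1#"<"}
            printf '%s\n' "${_lvl%%">"*}" ;;
        *)
            printf '4\n' ;;
    esac
}

# Where the two selectors above send a raw kernel line.
route() {
    if [ "$(kern_level "$1")" -eq 7 ]; then
        printf '%s\n' "$FW_LOG"
    else
        printf '/var/log/messages\n'
    fi
}

# The caveat: any debug-level kernel message lands in FW_LOG too, so a log
# parser should keep only lines carrying the netfilter prefix.
is_fw_line() {
    case "$1" in
        *"$LOG_PREFIX"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample lines (not real captures).
SAMPLE_FW='<7>IPT: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP SPT=40000 DPT=22'
SAMPLE_OTHER_DEBUG='<7>usb 1-1: new device strings'
SAMPLE_WARN='<4>eth0: link down'

fw_log_rule
syslog_conf_lines
for l in "$SAMPLE_FW" "$SAMPLE_OTHER_DEBUG" "$SAMPLE_WARN"; do
    printf '%s -> %s\n' "$l" "$(route "$l")"
done
```

Note that both "<7>" samples are routed to the firewall file; only `is_fw_line` tells the netfilter line apart from the USB one, which is why the prefix matters. The example also answers Jad's original problem: with the default level "warning", `kern.warning` is a minimum, not an exact match, so every kernel message at warning or above followed the firewall lines into his file.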