Re: [tlug] Ignorance is bliss, expect in the case of syslog

[B0Ti <9915104t@example.com>]

Hi Josh,

> After being told the obvious yesterday (namely that iptables LOG targets > must come *before* they are DROPped), I have my iptables set up.
> However, I would like to log some classes of dropped packets, and I do 
> not want them to go into /var/log/syslog. I have syslog splitting things > up to my satisfaction, as per the attached syslog.conf file, but I 
> cannot figure out how to log the dropped packets to their own logfile.
The tutorial says: 

"All messages are logged through the kernel facility. In other words, setting kern.=info /var/log/iptables in your syslog.conf file and then letting all your LOG messages in iptables use log level info, would make all messages appear in the /var/log/iptables file. Note that there may be other messages here as well from other parts of the kernel that uses the info priority. "

> Any ideas? I have investigated the --log-prefix option to iptables, but 
> that does not set the "facility".
AFIAK iptables uses the kernel logger (with printk) and doesn't support syslog directly, that's why the facility can't be specified.

An alternative solution would be to use syslog-ng.


-- 
B0Ti.