I am having this exact same problem. KLOGD="-x -s"
kernel.printk = 4 4 1 7 (havn't restarted but, echo'd values to the proc file) syslogconf *.* /var/log/iptables.log dmesg shows logs from iptables and iptables.log shows other logging information now the interesting thing is after restarting klogd it sets printk to 7 4 1 7 this doesn't appear to effect the logging as it will log/not log regardless to this value being changed after restarting klogd i get the iptables logs it iptables.log but after restarting sysklogd it stops! then if i restart klogd again it works again any ideas? ----- Original Message ----- From: "hhding" <[EMAIL PROTECTED]> To: "Laurent Raufaste" <[EMAIL PROTECTED]> Cc: [email protected] Sent: Saturday, 23 February 2008 11:40:21 AM (GMT+1000) Australia/Sydney Subject: Re: Can't get iptables LOG or you can change /etc/default/klogd like this KLOGD="-x -s" -s Force klogd to use the system call interface to the kernel mes- sage buffers. Laurent Raufaste wrote: > Ok this was it ! > > Setting another value in /proc/sys/kernel/printk (and in sysctl.conf > for boot time) fixed it. > > Thanks a lot ! > > 2008/2/22, Thomas Hospenthal <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>>: > > Hello > > My Ubuntu Server didn't log eighter from iptables to syslogd. I > finally got it to work by telling the kernel log daemon (klogd) to > log everything from message level 4 and above. Iptables works in the > kernel and therefore its log messages will be logged in the kernel > log file (see /etc/syslog.conf). > > On my Ubuntu, I had to add "-c 4" to the parameter in /etc/default/ > klogd. The file itself says that > this method is depricated and you should use sysctl instead. I will > try that on my new server soon, but until then, this method seems to > work fine. > > HTH > > Tom > > Am 22.02.2008 um 11:54 schrieb Laurent Raufaste: > > > > Hi, > > > > I'm trying to get iptables to LOG on a xen virtual machine, but for > > some reason I can't get iptables to log. > > > > Here's what I'm doing: > > > > in /etc/syslog.conf I have: > > *.* /var/log/iptables.log > > > > I restarted syslog: > > # /etc/init.d/sysklogd restart > > Restarting system log daemon: syslogd. > > > > Now I setup the LOG rule: > > iptables -F > > iptables -X > > iptables -v -A INPUT -j LOG > > iptables -P INPUT ACCEPT > > iptables -P OUTPUT ACCEPT > > iptables -P FORWARD ACCEPT > > > > I can't make it simplier I think. > > > > I check if the rules are ok: > > # iptables -nvL > > Chain INPUT (policy ACCEPT 630 packets, 46742 bytes) > > pkts bytes target prot opt in out source > > destination > > 99 7092 LOG 0 -- * * 0.0.0.0/0 > <http://0.0.0.0/0> > > 0.0.0.0/0 <http://0.0.0.0/0> LOG flags 0 level 4 > > > > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > > pkts bytes target prot opt in out source > > destination > > > > Chain OUTPUT (policy ACCEPT 436 packets, 65874 bytes) > > pkts bytes target prot opt in out source > > destination > > > > I see that some packets are logged in, but I can't see anything in > > /var/log/iptables.log, or any other log file =( > > > > See: > > cat /var/log/iptables: > > Feb 22 11:51:09 jfg-pgslave2 syslogd 1.4.1#18: restart. > > > > Nothing more, even by generating some traffic. > > I don't see why it does not work (it works on other boxes) and I > don't > > see how I can look deeper in order to debug this behavior =( > > I'm using a debian etch. > > > > Thanks for the help ! > > > > -- > > Laurent Raufaste > > <http://www.glop.org/> > > > > > > > -- > > To UNSUBSCRIBE, email to > [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > > -- > Laurent Raufaste > <http://www.glop.org/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
