On Mon, Jun 11, 2001 at 07:11:00PM +0100, Tim Haynes wrote:
> Stefan Srdic <[EMAIL PROTECTED]> writes:
>
> > Anyway, as you can guess I am using netfilter for firewalling.
> >
> > How can I pipe all logs from Netfilter into a single logfile?
> >
> > Let's say I wanted all log messages from netfilter to be logged into
> > /var/log/netfilter. How could I accomplish that?
>
> FWIW, my approach: assert a log-prefix in your logging iptables rules, and
> install syslog-ng with a regexp match to pick up your prefix (make it
> distinctive, e.g. 'Catch-all: .*IN=.*OUT=' would probably be precise enough).

Here is an alternative approach which I took. I think it is a little easier.

If you create a user-defined chain something like the following:

  iptables -N log_droped
  iptables -A log_droped -j LOG --log-level 1 --log-prefix "droped_::"
  iptables -A log_droped -j DROP

And make all your firewall rules that need to be dropped -j (jump) to this
chain, then they will be logged at log-level 1 (Alert).

Then, if you edit /etc/syslog.conf and append the following line:

  kern.=alert	-/var/log/firewall.log

(NB: line up with tabs.) Then syslog will log all logs at level alert to the
separate file. Not much else gets logged at level alert so it should be OK and
not upset other logging.

Thus, the firewall will log to /var/log/firewall.log - just create this file
with touch.

Hth.

Mark.
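Once the drops are in their own file, the same log prefix is a handy filter for summarising them. The following is an added example, not part of Mark's post: a POSIX shell/awk report run over constructed sample lines in the format netfilter's LOG target produces (the hostname "gw", the addresses and the MAC are made up).

```sh
#!/bin/sh
# Constructed sample lines (hostname, addresses and MAC are made up) in the
# format the LOG target writes when packets hit the log_droped chain above.
SAMPLE_LOG='Jun 11 19:20:01 gw kernel: droped_::IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 11 19:20:02 gw kernel: droped_::IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1235 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 11 19:20:03 gw kernel: droped_::IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.9 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2000 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Jun 11 19:20:04 gw kernel: eth0: link up'

# Dropped packets per source address, read from stdin. Only lines carrying
# the chain's log prefix count, so any other kern.alert message that lands
# in the same file is ignored.
drops_by_src() {
    awk -v prefix="$1" '
        index($0, prefix) == 0 { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) count[substr($i, 5)]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -rn
}

# Protocol/destination-port breakdown for one source address, for looking
# into a host that tops the drops_by_src report.
ports_for_src() {
    awk -v prefix="$1" -v want="$2" '
        index($0, prefix) == 0 { next }
        {
            src = ""; proto = "?"; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            }
            if (src == want) print proto, dpt
        }
    ' | sort | uniq -c | sort -rn
}

printf '%s\n' "$SAMPLE_LOG" | drops_by_src 'droped_::'
printf '%s\n' "$SAMPLE_LOG" | ports_for_src 'droped_::' 10.0.0.5
```

On a real box, replace the sample with `cat /var/log/firewall.log`; the prefix argument is whatever you gave --log-prefix.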

