On Fri, Jun 15, 2001 at 08:30:37PM +0200, Jean-Marc Boursot wrote:
> On Friday 15 June 2001 16:32, Stefan Srdic wrote:
> > >
> > > If you create a user defined chain something like the following:
> > >
> > > iptables -N log_droped
> > > iptables -A log_droped -j LOG --log-level 1 --log-prefix "droped_::"
> > > iptables -A log_droped -j DROP
> > >
> > > And make all your firewall rules that need to be dropped -j (jump)
> > > to this chain then they will be logged at log-level 1 (Alert).
> > >
> > > Then, if you edit /etc/syslog.conf and append the following line:
> > > kern.=alert -/var/log/firewall.log
> > > (Nb. line up with tabs)
> > >
> > > Then syslog will log all logs at level alert to the separate file.
> > > Not much else gets logged at level alert so it should be OK and not
> > > upset other logging.
>
> Isn't there a problem? Logs at level notice (5) and below are sent to
> the console. If host activity is too high, console will become unusable
> (kind of DoS).

Use the magic sysrequest key to change to console log level, or use
setterm -msglevel.

--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
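An added example, not part of the thread: a Python reader for the separate drop log described above that counts dropped packets per source, protocol and destination port, plus a check of whether level-1 messages still reach the console. The log lines, addresses and function names are constructed for this example; the console level is taken as the first number in /proc/sys/kernel/printk.

```python
import re
from collections import Counter

PREFIX = "droped_::"   # --log-prefix from the thread
ALERT = 1              # --log-level 1 from the thread

# Constructed sample of /var/log/firewall.log; addresses are documentation ranges.
SAMPLE_LOG = """\
Jun 15 20:31:02 fw kernel: droped_::IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 15 20:31:05 fw kernel: droped_::IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 15 20:31:07 fw kernel: droped_::IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=116 ID=901 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 15 20:31:08 fw kernel: droped_::IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=203.0.113.9 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3301 SEQ=1
Jun 15 20:31:09 fw kernel: some other alert-level kernel message
"""

FIELD = re.compile(r"(\w+)=(\S*)")   # KEY=value pairs; bare flags (DF, SYN) are skipped

def parse_drop(line, prefix=PREFIX):
    """Return the KEY=value fields of one LOG line, or None if the prefix is absent."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None   # kern.=alert also catches unrelated alert-level messages
    return dict(FIELD.findall(rest))

def summarize(text, prefix=PREFIX):
    """Count dropped packets per (source, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_drop(line, prefix)
        if fields:
            # ICMP has TYPE/CODE instead of ports, so DPT may be missing
            counts[(fields.get("SRC"), fields.get("PROTO"), fields.get("DPT", "-"))] += 1
    return counts

def reaches_console(printk, priority=ALERT):
    """True if a message of this priority is printed on the console.
    printk is the text of /proc/sys/kernel/printk; the kernel prints a
    message when its priority is numerically below the first number."""
    return priority < int(printk.split()[0])

if __name__ == "__main__":
    for (src, proto, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src:15s} {proto:5s} dport={dport}")
    print("alert on console at level 7:", reaches_console("7 4 1 7"))
    print("alert on console at level 1:", reaches_console("1 4 1 7"))
```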

