On 8/8/03 2:48 pm, "Thomas T. Veldhouse" <[EMAIL PROTECTED]> wrote:
> I am not a syslog expert, so need some help. I have rules in my firewall
> for logging, but currently, it is all logged into my syslog file. How do I
> setup syslog to filter them out and put them in a separate file. Does
> anybody here have a scheme for this? What I mean is, do you use multiple
> files for various firewall rules? How did you set this up?
I have recently started using syslog-ng, which is designed for filtering of
syslog messages. I think if you emerge'd this syslogger you would find this
task relatively trivial.
If you search the archives by my name & "syslog-ng", you should find a
couple of threads in which this fantastic logger has been discussed.
I think a filter something like:

  destination firew { file("/var/log/firewall"); };
  filter f_iptables { program("iptables"); };
  log { source(src); filter(f_iptables); destination(firew); flags(final); };

Should catch all iptables messages into a separate logfile.
HTH,
Stroller.
--
Enjoyed this post? Thanks for reading - please consider employing me!
Technical support / system administration - CV available on request
Linux / Unix / Windows / Mac OS X - UK or anywhere considered
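
An added example, not part of the original post or the poster's configuration: a syslog-ng.conf fragment that splits firewall logging into one file per rule class. It assumes syslog-ng 3.x (for the message() filter), the source name src used in the post, and iptables rules that log through the LOG target with the constructed prefixes "FW-DROP: " and "FW-ACCEPT: "; the file paths are illustrative.

```conf
# Fragment for an existing syslog-ng.conf (added example, assumptions labelled).
# Assumed firewall rules (prefixes are constructed for this example):
#   iptables -A INPUT -j LOG --log-prefix "FW-DROP: "
#   iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "FW-ACCEPT: "

# Records from the LOG target are written by the kernel, so they arrive
# with facility kern and normally the program name "kernel". Matching on
# the rule's log prefix is what tells firewall lines apart from other
# kernel messages.
filter f_fw_drop   { facility(kern) and message("FW-DROP: "); };
filter f_fw_accept { facility(kern) and message("FW-ACCEPT: "); };

# One file per rule class, readable by root and the owning group only,
# since firewall logs expose internal addresses and probing patterns.
destination d_fw_drop {
    file("/var/log/firewall/drop.log"
         owner("root") group("root") perm(0640) create_dirs(yes));
};
destination d_fw_accept {
    file("/var/log/firewall/accept.log"
         owner("root") group("root") perm(0640) create_dirs(yes));
};

# flags(final) ends processing for a matched message, so it is not also
# written by log statements that come later in the file. Place these two
# statements above the general-purpose log statements.
log {
    source(src);
    filter(f_fw_drop);
    destination(d_fw_drop);
    flags(final);
};
log {
    source(src);
    filter(f_fw_accept);
    destination(d_fw_accept);
    flags(final);
};
```

After reloading syslog-ng, trigger one rule of each class and confirm the line appears in the matching file and no longer in the general syslog file.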