On Sun, Dec 21, 2003 at 02:26:40PM +1100, Daniel Bush wrote:
> example (iptables 'seems' to print this both to tty and
> /var/log/messages... )
> -------------
> IN=ppp0 OUT= MAC= SRC=63.154.36.125 DST=203.206.0.244 LEN=48
> TOS=0x00 PREC=0x00 TTL=110 ID=12283 DF PROTO=TCP SPT=3830 DPT=135
> WINDOW=8760 RES=0x00 S YN URGP=0
> IN=ppp0 OUT= MAC= SRC=63.154.36.125 DST=203.206.0.244 LEN=48
> TOS=0x00 PREC=0x00 TTL=110 ID=12305 DF PROTO=TCP SPT=3830 DPT=135
> WINDOW=8760 RES=0x00 S YN URGP=0
> -------------

You need to configure klogd to display messages with loglevels lower
than what you're logging with iptables. Any sane firewall shouldn't be
logging these messages lower than KERN_WARNING (4).

To configure klogd the Debian (sid) way, edit /etc/init.d/klogd and
instead of KLOGD="" use KLOGD="-c 3".

A nifty trick is to log iptables stuff with --log-level debug, then
throw all kern.=debug into a file via syslog. That way you have a nice
firewall log that sits in a file. Don't forget to logrotate.

--
Rene Cunningham
DCLabs Pty Ltd
http://www.dclabs.com.au
----------------------------------------
We are governed not by armies and police but by ideas.
                -- Mona Caird, 1892
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
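
An added example, not part of the original message: once the iptables messages sit in their own file as described above, a short Python script can summarise who is knocking on which port. The sample lines are constructed in the same field layout as the quoted output (documentation-range addresses, an assumed syslog prefix), and the names parse_line and summarize are this example's own.

```python
import re
from collections import Counter

# Constructed sample of a dedicated firewall log (not taken from the post).
SAMPLE_LOG = """\
Dec 21 14:20:01 gw kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=12283 DF PROTO=TCP SPT=3830 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Dec 21 14:20:04 gw kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=12305 DF PROTO=TCP SPT=3830 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Dec 21 14:21:10 gw kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.44 DST=198.51.100.7 LEN=78 TOS=0x00 PREC=0x00 TTL=112 ID=4411 PROTO=UDP SPT=1026 DPT=137 LEN=58
Dec 21 14:21:30 gw kernel: eth0: link up
"""

FIELDS_START = re.compile(r"\bIN=")  # netfilter LOG output always begins with IN=


def parse_line(line):
    """Return the packet fields as a dict (plus a FLAGS set), or None
    when the line is not an iptables LOG entry."""
    match = FIELDS_START.search(line)
    if match is None:
        return None
    fields, flags = {}, set()
    for token in line[match.start():].split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields.setdefault(key, value)  # UDP lines carry LEN twice; keep the IP one
        else:
            flags.add(token)               # bare words such as DF or SYN
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    fields["FLAGS"] = flags
    return fields


def summarize(text):
    """Count logged packets and bare SYNs per (SRC, PROTO, DPT)."""
    hits, syns = Counter(), Counter()
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        key = (pkt["SRC"], pkt["PROTO"], int(pkt.get("DPT", 0)))  # ICMP has no DPT
        hits[key] += 1
        if "SYN" in pkt["FLAGS"] and "ACK" not in pkt["FLAGS"]:
            syns[key] += 1
    return hits, syns


if __name__ == "__main__":
    hits, syns = summarize(SAMPLE_LOG)
    for key, count in hits.most_common():
        print(f"{key[0]:15} {key[1]}/{key[2]:<5} packets={count} syn={syns[key]}")
```
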
