Hi Rene,
That's bang on the money!
And for a bonus, you've told me how to get a separate firewall log file without
having to do too much extra work.  
You've seriously made my day. Thanks.

My thanks also go to Andrew and Julian for helpful extras in earlier posts.
Cheers, 
Daniel.

On 18:37 21-12-2003, Rene Cunningham wrote:
> On Sun, Dec 21, 2003 at 02:26:40PM +1100, Daniel Bush wrote:
> > example (iptables 'seems' to print this both to tty and
> > /var/log/messages... )
> > -------------
> >   IN=ppp0 OUT= MAC= SRC=63.154.36.125 DST=203.206.0.244 LEN=48
> > TOS=0x00 PREC=0x00 TTL=110 ID=12283 DF PROTO=TCP SPT=3830 DPT=135
> > WINDOW=8760 RES=0x00 SYN URGP=0
> >   IN=ppp0 OUT= MAC= SRC=63.154.36.125 DST=203.206.0.244 LEN=48
> > TOS=0x00 PREC=0x00 TTL=110 ID=12305 DF PROTO=TCP SPT=3830 DPT=135
> > WINDOW=8760 RES=0x00 SYN URGP=0
> > -------------
> 
> You need to configure klogd to display messages with loglevels lower
> than what you're logging with iptables. Any sane firewall shouldn't be
> logging these messages lower than KERN_WARNING (4).
> 
> To configure klogd the Debian (sid) way, edit /etc/init.d/klogd and instead of
> KLOGD="" use KLOGD="-c 3".
> 
> Nifty trick is to log iptables stuff with --log-level debug, then throw
> all kern.=debug into a file via syslog. That way you have a nice
> firewall log that sits in a file. Don't forget to logrotate.
> 
> -- 
> 
> Rene Cunningham
> DCLabs Pty Ltd
> http://www.dclabs.com.au
> ----------------------------------------
> We are governed not by armies and police but by ideas.
>               -- Mona Caird, 1892
> -- 
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
> 
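
The setup Rene describes above (klogd -c 3, --log-level debug, kern.=debug
into a file, logrotate), written out as an added example that is not part of
the original thread. The log path, the "FW: " prefix, the staging file names
and the syslogd pid file location are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Writes each piece of the setup into a
# staging directory for review; nothing under /etc is touched.
# Assumptions: log path, "FW: " prefix, sysklogd pid file location.
FWLOG=/var/log/firewall.log

stage_firewall_logging() {
    out=$1
    mkdir -p "$out" || return 1

    # 1. Rule to place just before the rule that drops the packet.
    #    --log-level debug tags the message with kernel priority 7.
    cat > "$out/iptables-log-rule.sh" <<'EOF'
iptables -A INPUT -i ppp0 -j LOG --log-level debug --log-prefix "FW: "
EOF

    # 2. Line to append to /etc/syslog.conf. "=debug" matches priority 7
    #    only; plain "kern.debug" would match every kernel message.
    #    The leading "-" tells syslogd not to sync after each write.
    printf 'kern.=debug\t-%s\n' "$FWLOG" > "$out/syslog.conf.fragment"

    # 3. klogd setting from the thread: the console shows only priorities
    #    below 3, so the debug-level firewall lines stay off the tty.
    printf 'KLOGD="-c 3"\n' > "$out/klogd.setting"

    # 4. Stanza for /etc/logrotate.d/firewall. syslogd reopens its
    #    output files when it receives HUP.
    cat > "$out/logrotate.firewall" <<EOF
$FWLOG {
    weekly
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    postrotate
        kill -HUP \$(cat /var/run/syslogd.pid) 2>/dev/null || true
    endscript
}
EOF
}

# Usage: sh stage-fwlog.sh ./staging
if [ -n "${1:-}" ]; then stage_firewall_logging "$1"; fi
```

Other kernel code that logs at debug priority will land in the same file, so
the log prefix is what identifies the firewall lines.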