You can adjust what gets printed selectively by tuning your iptables rules, syslog.conf, and adjusting the kernel internals directly (with dmesg). Yes, the messages are always going to be associated with the kern facility, but you can specify, with each rule, what the log level should be. I imagine that currently, you're not specifying it, and either it defaults to one of the higher level warnings, which by default in your syslog.conf, will get printed to the console, or your syslog.conf specifies that all kernel messages be printed to the console (default on most Red Hat systems?) - or as Glen just suggested while I was typing this, it doesn't matter because you're echoing everything to the console, which can be changed with dmesg.
Check that you're specifying "--log-level info" with each of your rules, or ensure you know what the default log level is.
Check your syslog.conf and see what is getting echoed to the console. Relevant lines look like:
    kern.* /dev/console
Once you're sure syslog isn't going to dole it out, set the level that will be hard printed by the kernel with dmesg as Glen suggested.
Aaron J.
Brian A. Henning wrote:
Hi folks, I have my iptables set to log packets that are destined to be dropped, with the hope of being able to discover trends in the undesirable stuff coming my way and perhaps create more efficient rules to deal with them. So here's my issue: iptables uses the syslog logging mechanism, with its messages apparently falling under the kern facility. Is there a way to configure syslogd to separate out messages from iptables for logging in a separate file? Or at least to stop iptables log messages from getting sent to the console, but without precluding all other kernel messages from going to the console? I can later grep out the iptables messages from /var/log/messages with a perl script if necessary. My immediate concern is to stop iptables messages from going to the console, as they can at times come frequently enough to severely interfere with useful console interaction.
Thanks for the help, ~Brian
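
Added example, not part of the original thread: a shell sketch of the "grep the iptables messages out of /var/log/messages" step from the question, summarizing dropped packets by source and destination port. The "IPT-DROP: " prefix, the hostname and the log lines are constructed for illustration and assume the LOG rule sets a prefix with --log-prefix.

```shell
#!/bin/sh
# Constructed, shortened sample of /var/log/messages lines (not from the thread).
# The "IPT-DROP: " prefix is an assumption: it is what a rule such as
#   iptables -A INPUT -j LOG --log-level info --log-prefix "IPT-DROP: "
# would put in front of each logged packet.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40122 DPT=23
Mar  3 10:15:02 gw kernel: eth0: link up, 100Mbps, full-duplex
Mar  3 10:15:04 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=78 PROTO=UDP SPT=137 DPT=137
Mar  3 10:15:09 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40125 DPT=23
Mar  3 10:15:12 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# Keep only the iptables lines, identified by the log prefix; other
# kern-facility messages are dropped.
iptables_lines() {
    grep -F 'kernel: IPT-DROP: '
}

# Count dropped packets per "source protocol/dport", busiest first.
drop_summary() {
    iptables_lines | awk '
    {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (dpt == "") dpt = "-"      # ICMP and similar carry no port
        count[src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

sample_log | drop_summary
```

On a live system the same functions can read the real log, for example `drop_summary < /var/log/messages`.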
