Help!

Diverting log entries


Schraalhans Keukenmeester
Posted: Sun May 07, 2006 8:03 pm    Post subject: Diverting log entries
Archived from groups: comp>os>linux>misc

iptables logs to /var/log/messages by default. (Taken care of by syslogd?)

I am currently testing several settings for iptables that generate a lot
of data in the log. I would like to separate this stream from the
syslog. Right now I grep the messages output and filter it to a second file.

(How) Can I make iptables place its log entries in a separate file
instead? I checked man syslog.conf and can find a specifier or so-called
facility for iptables log info.

If this is a useless quest, just say so and I'll keep on grepping.
TIA
Sh.

--
#Debian makes me feel all warm and fuzzy inside. Smile
-- HippieGuy on #Debian

Schraalhans Keukenmeester
Posted: Sun May 07, 2006 8:37 pm    Post subject: Re: Diverting log entries

Schraalhans Keukenmeester wrote:
> iptables logs to /var/log/messages by default. (Taken care of by syslogd?)
>
> I am currently testing several settings for iptables that generate a lot
> of data in the log. I would like to separate this stream from the
> syslog. Right now I grep the messages output and filter it to a second
> file.
>
> (How) Can I make iptables place its log entries in a separate file
> instead ? I checked man syslog.conf and can find a specifier or socalled
^^^
Can = cannot. Sry
--
This screen intentionally left blank.

Michael Heiming
Posted: Sun May 07, 2006 8:37 pm    Post subject: Re: Diverting log entries

In comp.os.linux.misc Schraalhans Keukenmeester <firstname_DOT_lastname_AT_xs4all_DOT_nl>:
> iptables logs to /var/log/messages by default. (Taken care of by syslogd?)

> I am currently testing several settings for iptables that generate a lot
> of data in the log. I would like to separate this stream from the
> syslog. Right now I grep the messages output and filter it to a second file.

> (How) Can I make iptables place its log entries in a separate file
> instead ? I checked man syslog.conf and can find a specifier or socalled
> facility for iptables log info.

Iptables uses (iirc) kern.log as default facility (can be
changed); you can direct those to another file but will in
addition get other messages there, see syslog.conf(5).

For complete control, you could run syslog-ng and set up iptables
to use a custom log prefix (iptables(8)) and let syslog-ng direct
it where you want. Just keep an eye on logrotate(8) if running
longer.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry.TakeThisOut@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 39: terrorist activities
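
The setup described in the reply above, as an added example that is not part of the original thread: a script that stages a tagged LOG rule, a syslog-ng filter and a logrotate stanza for review. The tag `IPT: `, the file `/var/log/iptables.log` and the source name `s_src` are assumptions, and `message()` is the syslog-ng 3.x filter form.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: the tag "IPT: ",
# /var/log/iptables.log, and an existing syslog-ng source called s_src.
PREFIX='IPT: '
LOGFILE=/var/log/iptables.log
SRC=s_src

# iptables accepts at most 29 characters for --log-prefix, so check the tag
# before building a filter around it.
prefix_ok() { [ "${#1}" -ge 1 ] && [ "${#1}" -le 29 ]; }

# Write the three fragments into directory $1 for review before installing.
stage_fragments() {
    prefix_ok "$PREFIX" || { echo "prefix must be 1-29 characters" >&2; return 1; }
    mkdir -p "$1" || return 1
    # 1. Firewall rule: tag logged packets so they can be told apart from
    #    other kernel messages.
    printf 'iptables -A INPUT -j LOG --log-prefix "%s" --log-level warning\n' \
        "$PREFIX" > "$1/log-rule.sh"
    # 2. syslog-ng: tagged kernel messages go to their own file. flags(final)
    #    keeps later log paths from writing them too, so this log statement
    #    has to come before the ones that feed /var/log/messages.
    cat > "$1/iptables.conf" <<EOF
filter f_iptables { facility(kern) and message("$PREFIX"); };
destination d_iptables { file("$LOGFILE"); };
log { source($SRC); filter(f_iptables); destination(d_iptables); flags(final); };
EOF
    # 3. logrotate: copytruncate empties the file in place, so syslog-ng
    #    keeps writing to it without being reloaded.
    cat > "$1/iptables.logrotate" <<EOF
$LOGFILE {
    daily
    rotate 7
    compress
    missingok
    notifempty
    copytruncate
}
EOF
    echo "$1"
}

# Dry run of the tag: reads log lines on stdin and prints the ones the
# filter above would divert, e.g. would_divert < /var/log/messages
would_divert() { grep -F -- "$PREFIX"; }

stage_fragments "${1:-$(mktemp -d)}"
```

Run with a directory argument to choose where the fragments are written; without one they go to a fresh temporary directory whose path is printed.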

Schraalhans Keukenmeester
Posted: Sun May 07, 2006 11:43 pm    Post subject: Re: Diverting log entries

Michael Heiming wrote:
> In comp.os.linux.misc Schraalhans Keukenmeester <firstname_DOT_lastname_AT_xs4all_DOT_nl>:
>
>>iptables logs to /var/log/messages by default. (Taken care of by syslogd?)
>
>
>>I am currently testing several settings for iptables that generate a lot
>>of data in the log. I would like to separate this stream from the
>>syslog. Right now I grep the messages output and filter it to a second file.
>
>
>>(How) Can I make iptables place its log entries in a separate file
>>instead ? I checked man syslog.conf and can find a specifier or socalled
>>facility for iptables log info.
>
>
> Iptables uses (iirc) kern.log as default facility (can be
> changed); you can direct those to another file but will in
> addition get other messages there, see syslog.conf(5).

Yep, correct.

> For complete control, you could run syslog-ng and set up iptables
> to use a custom log prefix (iptables(8)) and let syslog-ng direct
> it where you want. Just keep an eye on logrotate(8) if running
> longer.
>

Great. Hadn't seen syslog-ng before. Exactly what I like/need.
Installed, configured and doing exactly what I wanted, and more.
I think I also got logrotate for this new log stream covered, I'll check
tomorrow.

Thanks a lot Michael!

Robby, thanx for your suggestion as well, will stick to MH's solution
for now. But took note of yours. Never know when it may come in handy.

KR

Sh.
--
This MUST be a good party -- My RIB CAGE is being painfully pressed up
against someone's MARTINI!!