iptables logging

[ee99ee2]

Is there a way to have iptables log to something like /var/log/iptables? I know syslog is what does it, but is something like that possiable? I dunno much about the workings of syslog...

-ee99ee
_________________
ServerMotion

[magnet]

hello.

to log things with iptables, you'll need a kernel module ( CONFIG_IP_NF_TARGET_LOG ).
option related to logs are :

--log-prefix , to specify a prefix for data in the logs
--log-level , log's verbosity

a short exemple, how to log things that you DROP.
let's create a new chain :

[nephros]

I think he meant how to log into a specified file instead of the syslog rather than how to log at all.
Isn't that what ULOG is for?
from the kernel help:

[magnet]

oh

I shouldn t answer early in the morning !
_________________
every step aim at glory.

[ee99ee2]

Both answeres answered questions I had. Thanks!

-ee99ee
_________________
ServerMotion

[ikaro]

I use ULOG with shorewall, and its great.
Easy to setup too.
_________________
linux: #232767

[b0fh]

Yep, ulogd works nice, although I get masses of data
My mysql.log now reached nice 1,9GB because of ulogd inserting so much stuff... How can I prevent mysql to log every ulog event? Or would it be easier to simply wipe the log once a week?

[ikaro]

ULOGD only logs the stuff you send at it.
you can 1) dont actiavete so much logs to be sent to ulogd, 2) cron to wipe the log once a week , like you sugested, evt, gzip the old log, make a newone, and next week wipe the gziped etc..etc.., just in case you need to go back and check something on the last weeks log.
_________________
linux: #232767

[b0fh]

I'm trying to cycle logfiles via cron and savelog. But which signal does mysqld need to re-cycle it's logs? killall -HUP seems not to work.

[ikaro]

im affraid i cant help you with mysql, my setup is with plain files.
sorry.
_________________
linux: #232767