bart n00b
Joined: 13 Apr 2002 Posts: 60
Posted: Mon May 20, 2002 3:42 pm Post subject: syslog-ng missing facility/priority?
Before I started using syslog-ng, I used good old default syslogd. That one captured all the packages detected by my iptables firewall. I don't know what facility/priority, but they were shown in my logfiles.
The default syslog-ng configuration doesn't show them, so I wrote my own configuration to split up all the facilities and priorities (yes, that's a really big configuration file).
Now my /var/log is full of different logfiles, but the packages blocked by iptables are still not shown.
The priorities I use are: auth, authpriv, cron, daemon, ftp, kern, local0..7, lpr, mail, news, user and uucp. The levels are: debug, info, notice, warning, err, crit, alert and emerg (emerg without an 'e'! Wow, that's strange).
Am I missing something?
Formerly it worked without the '--log-level' option for iptables. I tried some of the levels but they still don't appear.
bart n00b
Joined: 13 Apr 2002 Posts: 60
Posted: Mon May 20, 2002 3:53 pm Post subject:
I remember, iptables logs with kern.warning by default. Why don't they appear in my /var/log/kern_warning???
bart n00b
Joined: 13 Apr 2002 Posts: 60
Posted: Mon May 20, 2002 4:41 pm Post subject:
Ooops. I forgot a source...
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); }; # <==
But still a question: The default configuration didn't show them. I think it is because kern messages with priority warning and lower aren't logged by default. With good old klogd there was an option '-c <loglevel>'. By default the loglevel is 5, but I set it to 4 (to include the netfilter warnings).
How can we change the minimum loglevel for kernel messages?
kang_ Guest
Posted: Mon May 20, 2002 5:46 pm Post subject:
I use syslog-ng and my iptables hits output to kern.*
This is by default, I think.
Check /var/log/kern.log
Check that you are effectively logging the firewall hits in iptables.
Personally I created a chain for this:
$IPTABLES -N drop-and-log-it
$IPTABLES -A drop-and-log-it -j LOG --log-level info
$IPTABLES -A drop-and-log-it -j DROP
and use it as target for dropped packets:
$IPTABLES -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it
(this is an example of course)
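
Added example (not part of the thread and not code from either poster): a Python sketch that decodes the `<N>` level prefix on lines read from /proc/kmsg, the source bart added, and counts netfilter LOG entries per level, so you can see that entries logged with `--log-level info` fall under kern.info rather than kern.warning. The `kern_<level>` file naming follows bart's /var/log/kern_warning and is an assumption; the sample lines are constructed.

```python
import re
from collections import Counter

# syslog level names indexed by number (0 = most severe), as syslog-ng spells them
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")
# Fields the netfilter LOG target writes into every entry it emits
NETFILTER_RE = re.compile(r"\bIN=\S* OUT=\S* .*\bSRC=\S+ DST=\S+")

def parse_kmsg(line):
    """Split '<N>text' into (level_name, text); return None without a prefix."""
    m = PRI_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return LEVELS[int(m.group(1)) & 7], m.group(2)  # low 3 bits = level

def firewall_hits_by_file(lines):
    """Count netfilter entries per per-level file (kern_<level>, assumed naming)."""
    hits = Counter()
    for line in lines:
        parsed = parse_kmsg(line)
        if parsed and NETFILTER_RE.search(parsed[1]):
            hits["kern_" + parsed[0]] += 1
    return dict(hits)

def uncaptured(lines, logged_levels):
    """Return netfilter entries whose level no configured filter would match."""
    out = []
    for line in lines:
        parsed = parse_kmsg(line)
        if parsed and NETFILTER_RE.search(parsed[1]) and parsed[0] not in logged_levels:
            out.append(parsed[1])
    return out

# Constructed sample lines in /proc/kmsg format (documentation addresses)
SAMPLE = [
    "<4>IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=23",
    "<6>IN=eth0 OUT= MAC= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=80",
    "<6>eth0: link up",
    "<4>IN=eth0 OUT= MAC= SRC=192.0.2.12 DST=198.51.100.5 PROTO=UDP SPT=40002 DPT=53",
    "line without a priority prefix",
]

if __name__ == "__main__":
    print(firewall_hits_by_file(SAMPLE))
    print(uncaptured(SAMPLE, {"warning", "err", "crit", "alert", "emerg"}))
```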