How do I stop iptables logs going into dmesg?

Robert S

I have just installed iptables - I'm going to use it to block incoming connections (I've already got a hardware firewall

). I use syslog-ng and currently all logs go into /var/log/messages. I want to keep iptables logs out of this file and out of dmesg. I've managed to get iptables logs out of /var/log/messages by using this rule:

iptables -A INPUT -i eth0 -m limit --limit 1/sec -j LOG --log-prefix "iptables "

and putting this into /etc/syslog-ng/syslog-ng.conf
options {
long_hostnames(off);
sync(0);
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };
destination iptables { file("/var/log/iptables.log"); };
filter f_iptables { match("iptables "); };
log { source(src); filter(f_iptables); destination(iptables); flags(final); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };

All seems to be fine - the logs turn up into /var/log/iptables.log, but they still appear when I do "dmesg". How do I stop this??

P.S. Can anybody point me to a SIMPLE script to start up iptables? I don't need to do routing or NAT. Most of the "simple" ones around are horrifically complex.

ikaro · Advocate Joined: 14 Jul 2003 Posts: 2527 Location: Denmark

might be what you were asking, but with shorewall you can use ULOG in a easy way.
ps: remember to compile ulog in the kernel aswell

_________________
linux: #232767

Robert S · Posted: Sat May 07, 2005 4:12 am Post subject:

I'd like to keep it simple and avoid shorewall if possible. I'll have a little look at shorewall on a "test" machine however.

Robert S · Posted: Sat May 07, 2005 7:36 am Post subject: Fixed!!

I've fixed it without using shorewall. Its very easy to configure and run ulogd.

ikaro · Advocate Joined: 14 Jul 2003 Posts: 2527 Location: Denmark

you could post how you fixed it, usually its good maners

So the next person can find a solution by searching the forums.
_________________
linux: #232767

Robert S · Posted: Sun May 08, 2005 3:25 am Post subject:

OK. Good thinking. Its so easy that its almost not necessary to do this.

# emerge ulogd

# Edit /etc/ulogd.conf thus:
nlgroup 1
logfile /var/log/ulogd.log
loglevel 5
rmem 131071
bufsize 150000
plugin /usr/lib64/ulogd/ulogd_BASE.so
syslogfile /var/log/ulogd.syslogemu
syslogsync 1
plugin /usr/lib64/ulogd/ulogd_LOGEMU.so
dumpfile /var/log/ulogd.pktlog
pcapfile /var/log/ulogd.pcap
pcapsync 1

# Start it!
/etc/init.d/ulogd start

# That's all!! You can also send logs to mysql. I won't bother with this.

I'll get logrotate to rotate logs daily and will do a script which will report any output every day. I'd like to do something that doesn't just output lines of identical output, but prints each line of output and how many times it appeared. Suggestions???

Takk · n00b Joined: 27 Mar 2004 Posts: 12

If you need a simple IPTables configuration file, try this site:

http://www.netfilter.org/documentation/index.html#documentation-howto

About the other thing, I'm building a PHP application that does iptables log analysis for my final graduation project. I'll place a copy on my homepage when finished. There are lots of good tools that do it so, but I don't remember any now.

rogerx · Tux's lil' helper Joined: 06 Apr 2004 Posts: 118

This ulog tip should be incorporated into the Gentoo Shorewall Wiki ... if it really solves the shorewall logs > dmesg issue.

FYI: This *is* a faq concerning Shorewall.
_________________
Roger
http://rogerx.freeshell.org/