OK, unfortunately, none of this has helped me. What I want to do is simple:
1. I want to log all iptables rejects to a different log [Done]
2. I want all iptables rejects NOT to show in messages <=== that I can't seem to do.
That's what I'm trying to do, but without any success.

On Mon 11 Feb 12:11 2008 Geller Sandor (IT) wrote:
Hi,
-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of eial@cs.bgu.ac.il
Sent: Monday, February 11, 2008 10:53 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] syslog partially ignores the firewall filter...
I've set up a firewall and I want to log the rejects to a separate log file. I've done that, but I've not been able to drop the messages from dmesg; here is my conf file
dmesg shows the contents of the kernel ring buffer; this has nothing to do with the syslog daemon.
BTW your conffile could be made more efficient. Instead of matching against every log message, one could narrow down the filtering to the kernel facility, using a filter like this:
filter f_firewall { facility(kern) and match("Rejected :"); };
If you were using the log-level and log-prefix options of iptables then a more efficient filter could be set up.
And later when you're using the final() statement then no messages would pass to the second log stanza which has matched this filter, so evaluating a second filter doesn't make sense as it won't match, only takes CPU cycles.
Regards,
Sandor
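The layout discussed in this thread, as an added syslog-ng configuration example that is not part of the original messages: the kern-facility filter from the reply, placed in a log path marked final ahead of the general one, so matched rejects never reach the messages file. The names src, d_firewall and d_messages, the file paths and the source drivers are assumptions; the filter is the one quoted in the thread.

```conf
# Added example. Source/destination names and paths below are assumed,
# adapt them to the existing syslog-ng.conf.
source src {
    unix-stream("/dev/log");
    internal();
    file("/proc/kmsg");          # kernel messages, where iptables LOG output arrives
};

destination d_firewall { file("/var/log/firewall.log"); };
destination d_messages { file("/var/log/messages"); };

# Filter from the reply: the cheap facility test runs first, so only
# kernel messages are ever string-matched against the iptables prefix.
# Assumes the iptables LOG rule uses --log-prefix "Rejected : ".
filter f_firewall { facility(kern) and match("Rejected :"); };

# This log path must appear BEFORE the general one. Log paths are
# evaluated in configuration order, and flags(final) stops further
# processing of every message this path has accepted.
log {
    source(src);
    filter(f_firewall);
    destination(d_firewall);
    flags(final);
};

# General path: receives everything not claimed above. No second
# "not f_firewall" filter is needed, because matched messages never get here.
log {
    source(src);
    destination(d_messages);
};

# dmesg output is unaffected by any of this: it reads the kernel ring
# buffer directly, independent of the syslog daemon.
```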