Hi,
-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of eial@cs.bgu.ac.il
Sent: Monday, February 11, 2008 10:53 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] syslog partialy ignores the firewall filter...
I've set up a firewall and I want to log the rejects to a separate log file. I've done that, but I've not been able to drop the messages from dmesg. Here is my conf file
dmesg shows the contents of the kernel ring buffer; this has nothing to do with the syslog daemon.

BTW, your conffile could be made more efficient. Instead of matching against every log message, one could narrow down the filtering to the kernel facility, using a filter like this:

    filter f_firewall { facility(kern) and match("Rejected :"); };

If you were using the log-level and log-prefix options of iptables, then a more efficient filter could be set up. And later, when you're using the final() statement, no messages would pass to the second log stanza which has matched this filter, so evaluating a second filter doesn't make sense, as it won't match and only takes CPU cycles.

Regards,
Sandor
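Added example, not part of the original message or the poster's configuration: a syslog-ng fragment showing the narrowed filter from the reply combined with the iptables log-level and log-prefix options it mentions. The source name s_local, the destination names, the file paths, the debug level and the iptables rule in the comment are assumptions; match() with value("MESSAGE") is syslog-ng 3.x syntax, while 2.x releases take match("Rejected :") alone.

```conf
# Assumed iptables rule (constructed) that tags rejects with a prefix and a level:
#   iptables -A INPUT -j LOG --log-level debug --log-prefix "Rejected : "

# Assumed: a source named s_local is already defined and carries kernel messages.

destination d_firewall { file("/var/log/firewall.log"); };
destination d_messages { file("/var/log/messages"); };

# Cheap checks first: facility and level are compared before the
# pattern match is run against the message text.
filter f_firewall {
    facility(kern) and level(debug) and match("Rejected :" value("MESSAGE"));
};

# Firewall rejects go to their own file; flags(final) ends processing
# for these messages, so later log statements never see them.
log { source(s_local); filter(f_firewall); destination(d_firewall); flags(final); };

# No "not f_firewall" filter is needed here: matched messages were
# already consumed by the statement above.
log { source(s_local); destination(d_messages); };
```

This only controls which files syslog-ng writes; the same lines remain visible in dmesg because that reads the kernel ring buffer directly.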