[syslog-ng]Iptables logging
Jonathan Galand
syslog-ng@lists.balabit.hu
20 Apr 2003 02:07:24 +0200
--=-3/Fla1ZegM99hoyjBOBd
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Hi all,
i would like to have some iptables logs but only in a specific file (
/var/log/iptables.log in my config ). how can I do that ??
here's my config :=20
options { long_hostnames(off); sync(0); stats(43200); };
source src { unix-stream("/dev/log"); file("/proc/kmsg"); internal(); };
destination authlog { file ("/var/log/auth.log"); };
destination syslog { file ("/var/log/syslog"); };
destination cron { file ("/var/log/cron.log"); };
destination daemon { file ("/var/log/daemon.log"); };
destination kern { file ("/var/log/kern.log"); };
destination lpr { file ("/var/log/lpr.log"); };
destination user { file ("/var/log/user.log"); };
destination uucp { file ("/var/log/uucp.log"); };
destination ppp { file ("/var/log/ppp.log"); };
destination mail { file ("/var/log/mail.log"); };
destination mailinfo { file ("/var/log/mail.info"); };
destination mailwarn { file ("/var/log/mail.warn"); };
destination mailerr { file ("/var/log/mail.err"); };
destination newscrit { file ("/var/log/news/news.crit"); };
destination newserr { file ("/var/log/news/news.err"); };
destination newsnotice { file ("/var/log/news/news.notice"); };
destination debug { file ("/var/log/debug"); };
destination messages { file ("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };
destination iptables { file("/var/log/iptables.log"); };
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_iptables { match("Alert!"); };
log { source (src);
filter (f_authpriv);
destination (authlog); };
log { source (src);
filter (f_syslog);
destination (syslog); };
log { source (src);
filter (f_cron);
destination (cron); };
log { source (src);
filter (f_daemon);
destination (daemon); };
log { source (src);
filter (f_kern);
destination (kern); };
log { source (src);
filter (f_lpr);
destination (lpr); };
log { source (src);
filter (f_mail);
destination (mail); };
log { source (src);
filter (f_user);
destination (user); };
log { source (src);
filter (f_uucp);
destination (uucp); };
log { source (src);
filter (f_mail);
filter (f_info);
destination (mailinfo); };
log { source (src);
filter (f_mail);
filter (f_warn);
destination (mailwarn); };
log { source (src);
filter (f_mail);
filter (f_err);
destination (mailerr); };
log { source (src);
filter (f_news);
filter (f_crit);
destination (newscrit); };
log { source (src);
filter (f_news);
filter (f_err);
destination (newserr); };
log { source (src);
filter (f_news);
filter (f_notice);
destination (newsnotice); };
log { source (src);
filter (f_debug);
destination (debug); };
log { source (src);
filter (f_messages);
destination (messages); };
log { source (src);
filter (f_emergency);
destination (console_all); };
log { source (src);
filter (f_iptables);
destination (iptables); };
--=20
Don't Fear The Penguins They Will Free Your Computer.
--=-3/Fla1ZegM99hoyjBOBd
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA+oeS8J3JAdltr3W8RAgrdAKDAIj/mtjiYar0ZuQryHtTF/8idHwCfUIgJ
mSbjD+NA8b3jCGQdpNDNQnM=
=cFbW
-----END PGP SIGNATURE-----
--=-3/Fla1ZegM99hoyjBOBd--