[syslog-ng]Iptables logging

syslog-ng@lists.balabit.hu syslog-ng@lists.balabit.hu
Tue, 22 Apr 2003 13:06:45 +0100


Better still, you can use iptables' log-prefix option to make it easier
for syslog-ng to regex match iptables entries.

Something like:

        iptables -t filter -N droplog
        iptables -t filter -A droplog -j LOG --log-prefix "iptables: warning: DROP: " --log-level warning
        iptables -t filter -A droplog -j DROP

And then in syslog-ng.conf:

filter iptables {  match("^iptables: "); };

or similar should work I believe.

This assumes fine-grained total control over all the syslogging iptables
entities of course - if you're just capturing logs from Smoothwall or some
other embedded Linux product you may not be quite so lucky.


Ted
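
An added example, not part of the original post: a shell check of the `^iptables: ` pattern against constructed message lines, including the case the post warns about, where the prefix cannot be set and the only handle is the shape of the netfilter LOG fields. The sample lines, the function names and the fallback regex are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample messages (not from the original post): message text as a
# filter sees it once the "kernel:" program tag has been split off.
sample_messages() {
cat <<'EOF'
iptables: warning: DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4211 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
iptables: warning: DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=901 PROTO=UDP SPT=1026 DPT=137 LEN=58
IN=ppp0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=3320 DF PROTO=TCP SPT=3312 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
eth0: link up, 100Mbps, full-duplex
my iptables: notes mention IN=eth0 but this is not a LOG line
EOF
}

# The post's anchored pattern: only lines that start with the prefix.
match_prefix() { grep -E '^iptables: '; }

# Same text without the anchor, to show what the "^" guards against.
match_unanchored() { grep -E 'iptables: '; }

# Fallback when the prefix cannot be set (assumption: standard netfilter LOG
# field order IN= OUT= ... SRC= DST= ... PROTO=).
match_fields() {
    grep -E '(^| )IN=[^ ]* OUT=[^ ]* .*SRC=[0-9.]+ DST=[0-9.]+ .*PROTO=[A-Za-z0-9]+'
}

# Tally the action tag from an "iptables: <level>: <ACTION>: " prefix.
prefix_actions() {
    match_prefix | sed -E 's/^iptables: [a-z]+: ([A-Z]+): .*/\1/' \
        | sort | uniq -c | awk '{print $2 "=" $1}'
}

# Source addresses of prefixed packets, one per line.
prefixed_sources() { match_prefix | sed -E 's/.* SRC=([0-9.]+) .*/\1/'; }

count() { wc -l | tr -d ' '; }

echo "anchored prefix  : $(sample_messages | match_prefix | count)"
echo "unanchored prefix: $(sample_messages | match_unanchored | count)"
echo "field fallback   : $(sample_messages | match_fields | count)"
echo "actions          : $(sample_messages | prefix_actions)"
echo "sources          : $(sample_messages | prefixed_sources | tr '\n' ' ')"
```

The unanchored pattern also picks up the unrelated last line, which is why the filter keeps the `^`; the field fallback catches the unprefixed `ppp0` line that the prefix match misses.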





