[syslog-ng] Logging to a specific destination

syslog-ng@lists.balabit.hu syslog-ng@lists.balabit.hu
Thu, 12 Aug 2004 19:50:02 +0100


I think the problem may be that as iptables logs under the KERN facility, 
the iptables logs are being directed to /var/log/messages with all of the
other kernel logs. It's not a certainty, I'm taking this information from a post
on the Debian security list. I guess you could either just apply the
f_niptab filter to the /var/log/messages destination (which I assume that
you have omitted here) or just create another filter that drops all kernel
messages to /var/log/messages.

Of course I may just be making a complete fool out of myself. Anyone care
to correct/elaborate/expand/flame?

mark

On Thu, Aug 12, 2004 at 01:33:38PM -0500, Anoop Rajendra wrote:
> I need to log all messages from iptables, ipmasq to a particular file
> (say iptables.log) and to that only and nothing else. Is there a way to
> specifically define this, i.e. say that messages from this daemon should
> go nowhere else? I've tried - 
> 
> # IPMasq Messages
> destination ipmasq { file("/var/log/iptables.log" owner("root") group("adm") perm(0640)); };
> 
> filter f_iptables( match("iptables"); );
> filter fn_iptables( not match("iptables"); );
> 
> log { source(src); filter(f_authpriv); filter(fn_iptab); destination(authlog); };
> log { source(src); filter(f_syslog);  filter(fn_iptab);  destination(syslog); };
> log { source(src); filter(f_daemon);  filter(fn_iptab); destination(daemon); };
> log { source(src); filter(f_kern);  filter(fn_iptab); destination(kern); };
> log { source(src); filter(f_lpr);  filter(fn_iptab); destination(lpr); };
> log { source(src); filter(f_mail);  filter(fn_iptab); destination(mail); };
> log { source(src); filter(f_user);  filter(fn_iptab); destination(user); };
> log { source(src); filter(f_uucp); filter(fn_iptab);  destination(uucp); };
> 
> log { source(src); filter(f_iptab); destination(ipmasq); };
> 
> Yet all the IPMasq messages are passed to both iptables.log and /var/log/messages.
> 
> All IPMasq messages are prefixed with the string "iptables" using --log-prefix iptables
> 
> What am I doing wrong?
> 
> 
> Thanks,
> Anoop ///
> ________________________________________________
> Everybody has something to conceal. -- Humphrey Bogart
>
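
The routing suggested in the reply, written out as an added example that is not part of the original thread or either poster's configuration. The names `src`, `f_iptab`, `fn_iptab`, `f_kern`, `kern` and `ipmasq` follow the quoted config; the `messages` destination, the `f_messages` filter and the `/var/log/kern.log` path are assumptions, since the log path for /var/log/messages was not posted, and `src` is taken to be defined elsewhere in the file.

```conf
# Added illustration, not the poster's configuration.
# Assumed: destination "messages", filter "f_messages", the kern.log path,
# and an existing "source src { ... };" earlier in the file.

# iptables LOG lines arrive with facility kern and carry the --log-prefix text.
filter f_iptab    { match("iptables"); };
filter fn_iptab   { not match("iptables"); };
filter f_kern     { facility(kern); };
# Assumed catch-all filter; note that it does not exclude facility kern,
# so without further filtering kernel lines also reach /var/log/messages.
filter f_messages { level(info, notice, warn)
                    and not facility(auth, authpriv, mail, news); };

destination ipmasq   { file("/var/log/iptables.log"
                            owner("root") group("adm") perm(0640)); };
destination kern     { file("/var/log/kern.log"); };
destination messages { file("/var/log/messages"); };

# Option A: put the iptables path first and mark it final.
# A message that matches a final log path is not passed to the
# log statements that follow it, so no negated filter is needed below.
log { source(src); filter(f_iptab); destination(ipmasq); flags(final); };

log { source(src); filter(f_kern);     destination(kern); };
log { source(src); filter(f_messages); destination(messages); };

# Option B: keep the paths in any order and add the negated filter to
# every path that could match, including the catch-all one:
# log { source(src); filter(f_kern);     filter(fn_iptab); destination(kern); };
# log { source(src); filter(f_messages); filter(fn_iptab); destination(messages); };
# log { source(src); filter(f_iptab);    destination(ipmasq); };
```

With Option B, any log path added later needs the same `fn_iptab` filter or the iptables lines will reappear in its destination.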