[syslog-ng] syslog partially ignores the firewall filter...

eial at cs.bgu.ac.il eial at cs.bgu.ac.il
Mon Feb 11 10:53:04 CET 2008


I've set up a firewall and I want to log the rejects to a separate log file. I've done that, but I've not been able to drop the
messages from dmesg. Here is my conf file:

# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.7 2007/08/02 04:52:18 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett

options {
        chain_hostnames(off);
        sync(0);

        # The default action of syslog-ng 1.6.0 is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats(43200);
};

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };

#firewall

filter f_firewall { match("Rejected: "); };
filter f_no_firewall { not match("Rejected: "); };

destination firewall { file("/var/log/iptables.log" owner("root") group("adm") perm(0640)); };

log { source(src); filter(f_firewall); destination(firewall); flags(final); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); filter(f_no_firewall); destination(messages); };
log { source(src); destination(console_all); };

How can I fix it?

Thanks



