[syslog-ng] syslog partialy ignores the firewall filter...

eial at cs.bgu.ac.il eial at cs.bgu.ac.il
Sun Feb 24 23:21:46 CET 2008 

ok, unfortunately, none of this has helped me
what I want to do is simple:
1. I want to log all iptables rejects to a different log [Done]
2. I want all iptables reject NOT to show in messages <=== that I cant seem to do.
thats what I'm trying to do but without an success  

On Mon 11 Feb 12:11 2008 Geller  Sandor (IT) wrote:
> Hi,
>  
> > -----Original Message-----
> > From: syslog-ng-bounces at lists.balabit.hu 
> > [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of 
> > eial at cs.bgu.ac.il
> > Sent: Monday, February 11, 2008 10:53 AM
> > To: syslog-ng at lists.balabit.hu
> > Subject: [syslog-ng] syslog partialy ignores the firewall filter...
> > 
> > I've setup an firewall and I want to log the rejects to a 
> > separate log file, I've done that but I've not been able to drop the
> > messages from dmesg, here is my conf file
> 
> dmesg shows the contents of the kernel ringbuffer, this has nothing to
> do with the syslog daemon
> 
> BTW your conffile could be made more efficient. Instead of matching
> against every log messages one could narrow down the filtering to the
> kernel facility, using a filter like this:
> 
> filter f_firewall {
> 	facility(kern) and match("Rejected :");
> };
> 
> If you were using the log-level and log-prefix options of iptables then
> a more efficient filter could be set up.
> 
> And later when you're using the final() statement then no messages would
> pass to the second log stanza which has matched this filter, so
> evaluating
> a second filter doesn't make sense as it won't match, only takes CPU
> cycles.
> 
> Regards,
> 
> Sandor
> --------------------------------------------------------
> 
> NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>

More information about the syslog-ng mailing list