[syslog-ng] iptables logging in a separate logfile works not properly
Szalay Attila
sasa at pheniscidae.tvnetwork.hu
Fri May 29 16:29:33 CEST 2009
Hi,
On Fri, 2009-05-29 at 14:15 +0200, Ralf Heidenreich wrote:
> Hello,
>
> I have the following line in iptables:
> iptables -A INPUT -j LOG --log-prefix "INPUT: "
> In syslog-ng (/etc/syslog-ng/syslog-ng.conf) I have the following config:
[...]
> filter iptables { match("INPUT:"); };
> log { source(s_sys); filter(iptables); destination(iptables); };
[...]
> filter f_default { level(info..emerg) and
> not (facility(mail)
> or facility(authpriv)
> or facility(cron)); };
[...]
> log { source(s_sys); filter(f_default); destination(d_mesg); };
syslog-ng do not stop the evaluation when a destination is found. And
because of this and because the second log statement is matching to the
line the syslog-ng store it to the message too.
If you want to order the syslog-ng to stop you can use the final
directive.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1937 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090529/df260245/attachment.bin
More information about the syslog-ng
mailing list