How to set up iptables logging with syslog-ng and only log to a single file, say firewall.log or iptables.log?
The default syslog-ng.conf won't log anything about iptables.
I would be interested in this as well. How do you set up iptables to log to a certain file?
What I did...
I set my iptables logging prefix to "IPT".
Then, in syslog-ng, set kern and debug filters to add 'and not match("IPT")'.
Then I created an iptables entry in syslog-ng:
filter f_kernel { facility(kern) and not match("IPT"); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news) and not program(syslog-ng) and not match("IPT"); };
filter f_err { level(err) and not match("IPT"); };
destination iptables { file("/var/log/iptables.log"); };
filter f_iptables { match("IPT"); };
log { source(src); filter(f_iptables); destination(iptables); };
If you don't want to use a log prefix, you could probably also match on 'IN=' and 'OUT='.
Works for me.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
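An added example, not part of any post in this thread: Python that applies the two matching strategies from the post above (the "IPT" prefix and the IN=/OUT= tokens) to constructed kernel log lines and parses their KEY=VALUE fields. It shows that an unanchored match on a short prefix also catches unrelated lines that contain the same letters. The sample lines and all function names are made up for illustration, and the prefix is assumed to have been set with a trailing space.

```python
import re

# Constructed kernel log lines in the iptables LOG-target format (not from the thread).
SAMPLE = [
    "Jan 10 12:00:01 host kernel: IPT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 "
    "LEN=60 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=22 SYN URGP=0",
    "Jan 10 12:00:02 host kernel: IN= OUT=eth0 SRC=198.51.100.5 DST=203.0.113.7 "
    "LEN=76 TTL=64 ID=7 PROTO=UDP SPT=123 DPT=123 LEN=56",
    "Jan 10 12:00:03 host kernel: usb 1-1: new high-speed USB device number 4",
    "Jan 10 12:00:04 host kernel: SCRIPT helper loaded",  # "IPT" inside another word
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def by_prefix(line, prefix="IPT"):
    """Unanchored search, like match("IPT"): true wherever the text occurs."""
    return re.search(re.escape(prefix), line) is not None

def by_fields(line):
    """Prefix-free alternative: require the IN=... OUT= token pair."""
    return re.search(r"IN=\S* OUT=", line) is not None

def parse_fields(line):
    """KEY=VALUE pairs; the first occurrence wins (UDP lines carry LEN= twice)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields

def route(lines, matcher):
    """Split lines into the firewall log and everything else, as the filters do."""
    out = {"iptables.log": [], "other": []}
    for line in lines:
        out["iptables.log" if matcher(line) else "other"].append(line)
    return out

if __name__ == "__main__":
    for name, matcher in (("prefix", by_prefix), ("fields", by_fields)):
        routed = route(SAMPLE, matcher)
        ports = [parse_fields(l).get("DPT", "-") for l in routed["iptables.log"]]
        print(name, len(routed["iptables.log"]), "lines, DPT:", ports)
```

A longer, more distinctive prefix keeps the prefix filter from picking up lines such as the last sample.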
Thanks, it works!