iptables log and syslog-ng

jemann.chen · 2007-01-16 17:10:10

How to setup iptables log with syslog-ng and only log in a single file, say firewall.log or iptables.log?

The default syslog-ng.conf won't log about iptables.

arew264 · 2007-01-16 23:08:56

I would be interested in this as well. How do you set up iptables to log to a certain file?

cactus · 2007-01-16 23:25:38

what I did...

I set my iptables logging prefix to "IPT".
Then, in syslog-ng, set kern and debug filters to add 'and not match("IPT")'.
Then I created an iptables entry in syslog-ng

filter f_kernel { facility(kern) and not match("IPT"); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news) and not program(syslog-ng) and not match("IPT"); };
filter f_err { level(err) and not match("IPT"); };

destination iptables { file("/var/log/iptables.log"); };
filter f_iptables { match("IPT"); };
log { source(src); filter(f_iptables); destination(iptables); };

If you don't want to use a log prefix, you could probably also match on 'IN=' and 'OUT='.
Works for me.

jemann.chen · 2007-01-17 05:11:17

Thanks, it works!

Arch Linux

#1 2007-01-16 17:10:10

iptables log and syslog-ng

#2 2007-01-16 23:08:56

Re: iptables log and syslog-ng

#3 2007-01-16 23:25:38

Re: iptables log and syslog-ng

#4 2007-01-17 05:11:17

Re: iptables log and syslog-ng

Board footer