Gentoo Forums
syslog-ng missing facility/priority?
bart
n00b


Joined: 13 Apr 2002
Posts: 60

Posted: Mon May 20, 2002 3:42 pm    Post subject: syslog-ng missing facility/priority?

Before I started using syslog-ng, I used good old default syslogd. That one captured all the packets detected by my iptables firewall. I don't know what facility/priority, but they were shown in my logfiles.

The default syslog-ng configuration doesn't show them, so I wrote my own configuration to split up all the facilities and priorities (yes, that's a really big configuration file :))

Now my /var/log is full of different logfiles, but the packets blocked by iptables are still not shown.

The priorities I use are: auth, authpriv, cron, daemon, ftp, kern, local0..7, lpr, mail, news, user and uucp. The levels are: debug, info, notice, warning, err, crit, alert and emerg (emerg without an 'e'! Wow, that's strange :)).
Am I missing something?

Formally it works without the '--log-level' option for iptables. I tried some of the levels but they still don't appear.
bart
n00b


Joined: 13 Apr 2002
Posts: 60

Posted: Mon May 20, 2002 3:53 pm

I remember, iptables logs with kern.warning by default. Why don't they appear in my /var/log/kern_warning???
bart
n00b


Joined: 13 Apr 2002
Posts: 60

Posted: Mon May 20, 2002 4:41 pm

Ooops. I forgot a source...
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); }; <== :!:

But still a question: The default configuration didn't show them. I think it is because kern-messages with priority warning and lower aren't logged by default. With good old klogd there was an option '-c <loglevel>'. By default the loglevel is 5, but I set it to 4 (to include the netfilter warnings).
How can we change the minimum loglevel for kernel messages?
kang_
Guest





Posted: Mon May 20, 2002 5:46 pm

i use syslog-ng and my iptables hits output to kern.*
this is by default i think
check /var/log/kern.log

check that you are effectively logging the firewall hits in iptables

personally i created a chain for this
$IPTABLES -N drop-and-log-it
$IPTABLES -A drop-and-log-it -j LOG --log-level info
$IPTABLES -A drop-and-log-it -j DROP


and use it as target for dropped packets:
$IPTABLES -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it
(this is an example of course)
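Added example, not part of either poster's messages: the kernel prefixes each /proc/kmsg line with "<N>", where N is the severity, so a LOG rule at the default level arrives as kern.warning while the "--log-level info" chain above arrives as kern.info and lands in a different file when logs are split per level. The sample lines are constructed, and the kern_<level> file names are assumed to follow the thread's /var/log/kern_warning naming.

```shell
#!/bin/sh
# Added example: decode the "<N>" prefix on /proc/kmsg lines.
# Kernel messages have facility kern, so N is the severity (0-7).

# Print the syslog level name for a numeric severity.
level_name() {
    case "$1" in
        0) echo emerg ;;   1) echo alert ;;  2) echo crit ;;  3) echo err ;;
        4) echo warning ;; 5) echo notice ;; 6) echo info ;;  7) echo debug ;;
        *) return 1 ;;
    esac
}

# Print "kern.<level>" for one raw line; fail if it has no "<0-7>" prefix.
kmsg_priority() {
    case "$1" in
        "<"[0-7]">"*) ;;
        *) return 1 ;;
    esac
    num=${1#"<"}
    num=${num%%">"*}
    echo "kern.$(level_name "$num")"
}

# Read raw lines on stdin and print "<file> <message>", where <file> follows
# the thread's /var/log/kern_warning naming (other names are assumed).
route_kmsg() {
    while IFS= read -r line; do
        if pri=$(kmsg_priority "$line"); then
            echo "kern_${pri#kern.} ${line#*">"}"
        else
            echo "unparsed $line"
        fi
    done
}

# Constructed sample lines (not captured from a real system):
# default LOG level, "--log-level info", and a line without a prefix.
SAMPLE='<4>IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=23
<6>IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=TCP DPT=445
eth0: link up'

printf '%s\n' "$SAMPLE" | route_kmsg
```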
All times are GMT