where is iptables log files?

Message

bonito · Post by **bonito** » Tue Jun 18, 2002 7:18 pm

I was hoping to find some sort of error log for iptables in order to better understand what is going wrong with rules I am programming into it. I have looked all over and cannot find anything. Where in the gentoo distribution are iptables log files stored? If I have to make them and set the machine to write to them manually can someone explain how I would do this?

id10t · Post by **id10t** » Tue Jun 18, 2002 7:55 pm

Use gShield (muse.linuxmafia.org) - really easy to setup and configure. All of my iptables messages go to /var/log/messages

klieber · Post by **klieber** » Tue Jun 18, 2002 8:19 pm

bonito wrote:If I have to make them and set the machine to write to them manually can someone explain how I would do this?

Look at syslogd and syslog.conf. That will let you define separate log files for various apps.

--kurt

trapni · Post by **trapni** » Tue Jun 18, 2002 9:14 pm

Well, exactly that's what I'd like to have for iptables and scanlogd seperately, so, could you please give me a quick'n'dirty example exact for RTFM me how such an entry would look like for syslog-ng?

iptables: /var/log/firewall/iptables
scanlogd: /var/log/firewall/scanlogd

And, btw, is it possible to split the output if iptables (by prefix of the LOG rule) into seperate log files as well?

Thanks in advance,
Christian Parpart.

klieber · Post by **klieber** » Wed Jun 19, 2002 2:50 pm

Basically, you set up a "localX" log in syslog.conf where "X" is some number. Then, in your iptables script, you use '--log-level localX' to define where the log should go.

man syslog.conf
man syslogd

are two places to start. Also, try searching google. It came up with this post among others.

--kurt

bonito · Post by **bonito** » Wed Jun 19, 2002 5:46 pm

ok so here is what I have for my metalog addition:

Iptables :

facility = "local1"
minimum 7
logdir = "/var/log/iptables"

if after that I set iptables conditions for logging under the --log-level local1 will it start logging all activity with iptables to that directory?

klieber · Post by **klieber** » Wed Jun 19, 2002 7:53 pm

Eh...not sure for metalog. I use plain old syslog.

Anyone else here a metalog guru?

--kurt

bonito · Post by **bonito** » Wed Jun 19, 2002 8:04 pm

I just installed sysklogd (syslogd?) on my system. I removed metalog, and I can see some logging taking place in certain files. when I use the --log-level local3 after editing the syslog.conf file it gives me the error message that local3 is an unrecognized log level.

trapni · Post by **trapni** » Wed Jun 19, 2002 10:57 pm

Okay, I was googling for a while and found really something interesting for syslog-ng:

Code: Select all

destination d_fw { file("/var/log/firewall"); };
filter f_fw { match("fw-"); };
log { source(kernsrc); filter(f_fw); destination(d_fw); };

This tiny addon in my syslog-ng.conf puts all the netfilter logged with a prefix containing "fw-" into my special log file, /var/log/firewall. That's great!
You can filter any expression from any log input device and put it into a seperate file for better analyzation

Cheers,
Christian Parpart.

rajl · Post by **rajl** » Wed May 14, 2003 11:05 pm

Having just read this post, I'm really confused. I'm using syslogd right now, but local3 is a facility, not a log level, so my iptables script gives me errors if I try to log traffic with a "--log-level local3" as has been recommended here.

Can anyone shed light on this issue? I really would like to be able to log my iptables data to a seperate log file. I'm even willing to switch system loggers if someone can tell me to do it in another system logger other than plain old syslogd.

where is iptables log files?

where is iptables log files?

Re: where is iptables log files?

my metalog.conf addition