That's your iptables log... it will overlap your boot logs after some time of filtering because it uses the same log level by default (warn i think). I believe you can make iptables log to some other file by tinkering with its settings.
I'll take a look at it later because now I'm stuck in Windowsland (at work)... I too am planning to change my iptables log level... and hopefully I can help you out a bit
Well, i'm not more knowledgeable, and i might be totally wrong here BUT i believe if you mess around with /etc/syslog.conf you could make the firewall log level something higher, and thus make it log to /var/log/secure for example. Note that i'm just guessing here from what i remember reading in "Running Linux". Unfortunately i gave that book over the summer to a friend, who doesn't want to give it back, thus i can't check how exactly to do this, if at all possible...
Reckon i'll have to buy myself the new edition anyway...
Well HTH a little
-NSKL
about that cp command you suggested i insert in rc.local: what is that doing? i know that there is output to /var/log/messages generated on boot, but the messages aren't the same as the ones that would be in dmesg (they're not as verbose and they don't list the device assignments for things like ide-scsi emulation).
i could've sworn that i read a post about this before, but i couldn't think of what to search for to bring it up...
i think you're right NSKL, as the log-level determines where the stuff gets logged. i think i'll just look at the syslogd manpage for a while and see what i can figure out.
Quote:
Originally posted by yocompia
about that cp command you suggested i insert in rc.local: what is that doing? i know that there is output to /var/log/messages generated on boot, but the messages aren't the same as the ones that would be in dmesg (they're not as verbose and they don't list the device assignments for things like ide-scsi emulation).
i could've sworn that i read a post about this before, but i couldn't think of what to search for to bring it up...
OK, maybe a little more explanation is needed on my part. Basically I explored the /etc/rc.d/rc.* files a bit and saw that on bootup rc.local is the last file that will be run by init.
And since dmesg is basically similar to running cat /var/log/messages (at least I think it is, please correct me if I'm wrong), I thought why not copy the startup log before it gets crowded by the firewall logs.
Quote:
Originally posted by NSKL
Well, i'm not more knowledgeable, and i might be totally wrong here BUT i believe if you mess around with /etc/syslog.conf you could make the firewall log level something higher, and thus make it log to /var/log/secure for example.
I read that in the man pages of syslog.conf as well, but the problem with that man page (in fact almost all of Linux's man), is that it is very stingy on explanations. Googling didn't help much as well. However it did say that the secure log is deprecated.
I would have preferred to log the iptables output to some other file, but I too am stumped on how to do this the right way
Do your firewall rules have a LOG target? They must since LOG "...[turns] on kernel logging of matching packets." Two options you might consider:
1. Remove the iptables rules that log messages.
2. Use the --log-prefix option in the iptables rules that log messages. If you prefix all your iptables messages with "foo" then you can filter those out of dmesg with "dmesg | grep -v foo". Just make sure you use something unique like "iptables_msg: " or something.
But the problem is that over time the iptables log entries will completely replace the kernel messages. So even if you grep all iptables log entries away, the bootup entries won't be returned.
In my case I want the iptables log... however, if possible I want it to log to a different file rather than sharing it with /var/log/messages. Do you know how to do this?
Again, remembering what i read in "Running Linux" you could (i think) do the following:
Change Ip tables log level in syslog.conf to something else, something not used, and exclude it from other logs (look at slack 9's syslog.conf and you'll see how some services such as mail and cron are excluded from all logs and logged to their special files, only for them).
So make ip tables log to a special file as well. Something like Ip-tables.* /var/log/firewall. The problem here is that ip-tables is not a service like mail or cron, so i'm not really sure if you can do this. If i only had my book with me..... As soon as i get it back i'll read the syslog part again and i'm sure we'll find a solution...
HTH = Hope that Helps
-NSKL
the relevant portion on the syslog.conf format is about 50% down the first part of the post (i think that percentage is invariant...). it also has some nice stuff i used to strengthen my firewall.
i'll try this later today and post back with results, unless somebody else does first.
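The `--log-prefix` filtering suggested earlier in the thread, applied to a saved copy of the log so that firewall entries and the remaining kernel messages end up in separate files. This is an added example, not part of any post; the function names, the constructed sample log lines and the `INPUT` chain in the comment are assumptions.

```shell
#!/bin/sh
# Added example: split a saved kernel log by the iptables --log-prefix string.
# Assumes the LOG rules were created with a unique prefix, e.g. (not run here):
#   iptables -A INPUT -j LOG --log-prefix "iptables_msg: "

# split_fw_log INFILE PREFIX FW_OUT REST_OUT
# Lines containing PREFIX go to FW_OUT, everything else to REST_OUT.
split_fw_log() {
    infile=$1 prefix=$2 fw_out=$3 rest_out=$4
    # -F: treat the prefix as a fixed string, not a regex.
    # grep exits 1 when nothing matches; that is not an error here.
    grep -F -- "$prefix" "$infile" > "$fw_out" || [ $? -eq 1 ]
    grep -vF -- "$prefix" "$infile" > "$rest_out" || [ $? -eq 1 ]
}

# count_lines FILE: print the number of lines in FILE.
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# make_sample FILE: write constructed sample log lines (not real output).
make_sample() {
    cat > "$1" <<'EOF'
Jan  1 10:00:01 box kernel: hda: 78165360 sectors (40021 MB), CHS=4865/255/63
Jan  1 10:00:01 box kernel: scsi0 : SCSI host adapter emulation for IDE ATAPI devices
Jan  1 10:05:12 box kernel: iptables_msg: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=23
Jan  1 10:05:13 box kernel: iptables_msg: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=UDP SPT=5000 DPT=137
Jan  1 10:06:00 box kernel: eth0: link up
EOF
}

# demo: run the split on the constructed sample and report line counts.
demo() {
    dir=$(mktemp -d)
    make_sample "$dir/messages"
    split_fw_log "$dir/messages" "iptables_msg: " "$dir/firewall" "$dir/boot"
    echo "firewall=$(count_lines "$dir/firewall") other=$(count_lines "$dir/boot")"
    rm -rf "$dir"
}

demo
```

This only separates entries that are still present in the saved file; it does not bring back boot messages that have already been overwritten in the kernel buffer.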