[TriLUG] iptables logging ! >/dev/console

Aaron S. Joyner aaron at joyner.ws
Mon Mar 1 16:13:24 EST 2004


Best guess, not knowing how you have iptables, syslog, or dmesg (kernel 
output) configured:

You can adjust what gets printed selectively by tuning your iptables 
rules, syslog.conf, and adjusting the kernel internals directly (with 
dmesg).  Yes, the messages are always going to be associated with the 
kern facility, but you can specify, with each rule, what the log level 
should be.  I imagine that currently, you're not specifying it, and 
either it defaults to one of the higher level warnings, which by default 
in your syslog.conf, will get printed to the console, or your 
syslog.conf specifies that all kernel messages be printed to the console 
(default on most redhat systems?) - or, as Glen just suggested while I 
was typing this, it doesn't matter because you're echoing everything to 
the console, which can be changed with dmesg.

Check that you're specifying "--log-level info" with each of your rules, 
or ensure you know what the default log level is.

Check your syslog.conf and see what is getting echoed to the console.  
Relevant lines look like:
    kern.*   /dev/console

Once you're sure syslog isn't going to dole it out, set the level that 
will be hard printed by the kernel with dmesg as Glen suggested.

Aaron J.


Brian A. Henning wrote:

>Hi folks,
>  I have my iptables set to log packets that are destined to be dropped,
>with the hope of being able to discover trends in the undesirable stuff
>coming my way and perhaps create more efficient rules to deal with them.
>  So here's my issue:  iptables uses the syslog logging mechanism, with its
>messages apparently falling under the kern facility.  Is there a way to
>configure syslogd to separate out messages from iptables for logging in a
>separate file?  Or at least to stop iptables log messages from getting sent
>to the console, but without precluding all other kernel messages from going
>to the console?  I can later grep out the iptables messages from
>/var/log/messages with a perl script if necessary.
>  My immediate concern is to stop iptables messages from going to the
>console, as they can at times come frequently enough to severely interfere
>with useful console interaction.
>
>Thanks for the help,
>~Brian
>
>  
>
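An added example, not from either post, for the two steps in the reply above: spotting the syslog.conf selector that sends every kernel message to the console, and pulling the LOG-target lines out of a syslog file to see which sources and ports are being dropped (Brian's "grep it out of /var/log/messages" step). The prefix "IPT-DROP: ", the config fragments, file paths and the sample log lines are all constructed for this demo.

```shell
#!/bin/sh
# Added example (not from the list post).  Assumes a LOG rule of this shape
# on the firewall (run as root there, not here):
#   iptables -A INPUT -j LOG --log-level info --log-prefix "IPT-DROP: "
# With --log-level info the lines arrive at syslogd as kern.info, so they
# can be split off from the rest of the kern facility by priority.

# Constructed syslog.conf fragment: the selector Aaron says to look for,
# beside a replacement that keeps the info-level LOG lines in their own
# file and lets only warning and above reach the console.  (The kernel also
# prints to the console directly per console_loglevel; dmesg -n 4 limits
# that to warning and above.)
SYSLOG_CONF_BEFORE='kern.*                 /dev/console
*.info;mail.none       -/var/log/messages'
SYSLOG_CONF_AFTER='kern.=info             -/var/log/iptables.log
kern.warning           /dev/console
*.info;mail.none       -/var/log/messages'

# Exit 0 and print the offending selectors when stdin (a syslog.conf)
# routes every kernel priority (kern.* or *.*) to /dev/console.
console_gets_all_kern() {
    grep -E '^[[:space:]]*(kern|\*)\.\*[[:space:]]+/dev/console'
}

# Constructed sample of LOG-target output after syslogd wrote it out; the
# link-up line is an unrelated kernel message that must be ignored.
SAMPLE_LOG='Mar  1 16:10:01 fw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1234 PROTO=TCP SPT=4444 DPT=135 WINDOW=512 RES=0x00 SYN URGP=0
Mar  1 16:10:03 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=4445 DPT=445 SYN URGP=0
Mar  1 16:10:07 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=28 PROTO=UDP SPT=53 DPT=1434 LEN=8
Mar  1 16:10:09 fw kernel: eth0: link up, 100Mbps, full-duplex
Mar  1 16:10:11 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=4446 DPT=135 SYN URGP=0'

# Print "count SRC DPT PROTO", busiest first, for lines tagged with the
# given --log-prefix ($1); syslog lines arrive on stdin.
summarize_drops() {
    grep -F "kernel: $1" | awk '{
        src = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        if (src != "") print src, dpt, proto
    }' | sort | uniq -c | sort -rn | awk '{ print $1, $2, $3, $4 }'
}

printf '%s\n' "$SYSLOG_CONF_BEFORE" | console_gets_all_kern >/dev/null \
    && echo "syslog.conf sends every kernel message to the console"
printf '%s\n' "$SAMPLE_LOG" | summarize_drops 'IPT-DROP: '
```

Point summarize_drops at a real file with `summarize_drops 'IPT-DROP: ' < /var/log/messages` once the LOG rule carries that prefix.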