logging with iptables
f***@protonmail.com
2024-09-19 14:40:01 UTC
in my iptables i have tcp LOG flags 0 level 4 prefix "REJECT: "
this does what i want but how to direct the logging
it gets written to multiple files in /var/log
syslog, messages, kern, debug
can i restrict this to a single file
Andy Smith
2024-09-19 15:10:01 UTC
Hi,
Post by f***@protonmail.com
in my iptables i have tcp LOG flags 0 level 4 prefix "REJECT: "
this does what i want but how to direct the logging
it gets written to multiple files in /var/log
syslog, messages, kern, debug
can i restrict this to a single file
If you install a more flexible logging system than journald, such as
rsyslog or syslog-ng, you can match by regex in order to direct log
lines to different places.

I also use ulogd2 to direct iptables logging to different places. I
haven't yet written up what I do for nftables but here is something
I wrote up years ago for iptables and it wasn't hard to adapt for
nftables:

https://strugglers.net/posts/2021/keeping-firewall-logs-out-of-linuxs-kernel-log-with-ulogd2/

There are of course many other resources online for using ulogd2.

Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Tim Woodall
2024-09-20 02:20:01 UTC
Post by f***@protonmail.com
in my iptables i have tcp LOG flags 0 level 4 prefix "REJECT: "
this does what i want but how to direct the logging
it gets written to multiple files in /var/log
syslog, messages, kern, debug
can i restrict this to a single file
*.*;auth,authpriv.none;kern.none -/var/log/syslog

Add kern.none to the ones you don't want kernel messages in.

That will, of course, stop all logging, not just iptables.
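
An added example, not part of any post in this thread: an rsyslog drop-in that sends only the lines carrying the `REJECT: ` prefix from the original question to one file and keeps them out of the other logs, while other kernel messages are still logged as before. The file names are assumptions, as is the premise that this drop-in is read before the rules that write syslog, messages, kern.log and debug.

```rsyslog
# /etc/rsyslog.d/10-iptables-reject.conf  (hypothetical file name)
# Assumption: this file is processed before the default rules that write
# /var/log/syslog, /var/log/messages, /var/log/kern.log and /var/log/debug.

# Match kernel-facility messages that carry the prefix set on the LOG rule.
if ($syslogfacility-text == "kern") and ($msg contains "REJECT: ") then {
    # Assumed destination; any single file works.
    action(type="omfile" file="/var/log/iptables-reject.log")
    # Stop processing here so later rules never see these messages.
    stop
}
```

Check the syntax with `rsyslogd -N1` before restarting rsyslog.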
