My *nix world

iptables with syslog-ng on Gentoo

If you use syslog-ng protocol to log your Linux kernel's messages into a /var/log/messages file and if you want to log some messages (filtered by some criteria) into a separate log file (eg. your firewall log entries), then here is what you have to do:

  • edit syslog-ng configuration file (/etc/syslog-ng/syslog-ng.conf)
    • create a new destination entry special designed for your firewall:
    • create a new filter so that you grab only those entries related to firewall
    • log those entries specified by your custom filter to your custom destination file
  • restart/reload your syslog-ng service

In the example below I will show you how to use iptables with syslog-ng on Gentoo.

I've edited the default syslog-ng.conf file where I've added lines 18,28,34 and I've changed the default line 25:

[code language="bash"]
# Syslog-ng default configuration file for Gentoo Linux

options {
chain_hostnames(no);
stats_freq(43200);
mark_freq(3600);
};

source src {
unix-stream("quot;/dev/log"quot; max-connections(256));
internal();
file("quot;/proc/kmsg"quot;);
};

destination messages { file("quot;/var/log/messages"quot;); };

# your custom firewall destination
destination firewall { file("quot;/var/log/firewall.log"quot;); };

# By default messages are logged to tty12...
destination console_all { file("quot;/dev/tty12"quot;); };

# make sure you don't include in /var/log/messages those entries that will go
# into firewall custom log file
filter f_kernel { not match("quot;IN="quot; value(MSG)) or not match("quot;OUT="quot; value(MSG)); };

# your custom firewall filter
filter f_firewall { match("quot;IN="quot; value(MSG)) and match("quot;OUT="quot; value(MSG)); };

log { source(src); filter(f_kernel); destination(messages); };
log { source(src); filter(f_kernel); destination(console_all); };

# your custom firewall log entry
log { source(src); filter(f_firewall); destination(firewall); };

[/code]

Now, if you think that this article was interesting don't forget to rate it. It shows me that you care and thus I will continue write about these things.

 
The following two tabs change content below.
iptables with syslog-ng on Gentoo

Eugen Mihailescu

Founder/programmer/one-man-show at Cubique Software
Always looking to learn more about *nix world, about the fundamental concepts of math, physics, electronics. I am also passionate about programming, database and systems administration. 16+ yrs experience in software development, designing enterprise systems, IT support and troubleshooting.
Tagged on: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: