[nzlug] How to keep iptables log messages out of dmesg?
Volker Kuhlmann
hidden at paradise.net.nz
Sat Mar 1 11:55:27 NZDT 2008
On Fri 29 Feb 2008 12:05:26 NZDT +1300, R. Eimann wrote:
> in my openSuSE 10.3, iptables log entries seem to be put into dmesg by default
> (instead of a separate file, /var/log/firewall, for instance). Does anyone
> here know how to change this? I.e., put log entries into a file instead of
> having them in dmesg?

dmesg is a command which displays the kernel log ring buffer. Nothing to
do with iptables, except that iptables logs to syslog, and syslog also
gets copied into the kernel ring buffer.

The default syslog daemon for openSUSE 10.3 is syslog-ng (although the
old syslog is also available, but mutually exclusive - for obvious
reasons). The configuration format of syslog-ng is not at all compatible
with that of syslog, which is annoying until you realise that it's easy
to understand, and allows filing syslog messages by string matching.

Configure a filter which matches the SuSEfirewall2 iptables log prefix
string and add a rule which writes all that to /var/log/firewall or any
other file of your choice. You may have to also add the filter as a
negative for what goes into /var/log/messages. One read of the man page
should set you going.

All the iptables output on SUSE used to go into /var/log/firewall, but I
guess they changed that back because neither users nor any piece of log
analyzer was up to looking somewhere other than
throw-it-all-into-the-same-bucket. The LSB might say something about
this too.

Volker
--
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
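
A syslog-ng configuration sketch of the filter, file rule and negative described in the message above. It is an added example, not part of the original post. The names `src`, `f_messages` and `messages` are assumed to be the source, filter and destination already defined in the distribution's syslog-ng.conf, and `SFW2-` is assumed to be the SuSEfirewall2 log prefix; check a logged line and the existing file, and adjust.

```conf
# /etc/syslog-ng/syslog-ng.conf (fragment)
#
# Assumptions, not taken from the post:
#   src        - name of the source the stock config already defines
#   f_messages - name of the stock filter feeding /var/log/messages
#   messages   - name of the stock destination for /var/log/messages
#   "SFW2-"    - log prefix SuSEfirewall2 puts on its iptables LOG rules

# 1. Filter: kernel-facility messages whose text contains the prefix.
#    (match() tests the message text in the syslog-ng of that era; on
#    syslog-ng 3.x use message("SFW2-") instead.)
filter f_sfw2 { facility(kern) and match("SFW2-"); };

# 2. Rule: write everything the filter matches to its own file.
destination d_firewall { file("/var/log/firewall"); };
log { source(src); filter(f_sfw2); destination(d_firewall); };

# 3. Negative: the inverse filter, for the /var/log/messages rule.
filter f_not_sfw2 { not filter(f_sfw2); };

# Edit the EXISTING log statement for /var/log/messages so that it also
# applies the negative. Several filter() references in one log statement
# are ANDed, so the stock filter keeps working unchanged:
log { source(src); filter(f_messages); filter(f_not_sfw2); destination(messages); };
```

Restart or reload syslog-ng after editing; without step 3 the firewall lines are written to both files.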