6

I am using Ubuntu 10.10 with iptables! I want to log my firewall drops in the file /var/log/firewall and NOT in any other logfile.

So I added the following lines to my file /etc/rsyslog.d/50-default.conf:

    #iptables Log
    kern.warning /var/log/firewall.log

This way my drops and logs from iptables are logging into the right file!

Now I don't know what to add to not log the drops in the other files. At this time it writes every drop in /var/log/messages, /var/log/kern.log and /var/log/syslog.

Heeeelp :)

I found this one: "Add a local application to syslog excluded from /var/log/messages", but it doesn't work. Maybe because it's rsyslogd in Ubuntu 10.10?

Thanks!

1 Answer

4

Use a discard action after the iptables log, but before the other logs.

    kern.warning /var/log/firewall.log
    kern.warning ~
    *.* /var/log/messages
2
  • What does ~ mean? (the rsyslog manual is a little vague). Commented Oct 20, 2010 at 0:09
  • 1
    @Stefan: rsyslog.conf(5) man page, ACTIONS section, Discard subsection. Commented Oct 20, 2010 at 0:12
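
An added example, not part of the original question or answer: the same log-then-discard ordering, narrowed with an rsyslog property-based filter so that only tagged firewall messages are diverted. It goes beyond the answer's facility selector; the file name `20-firewall.conf` and the prefix `FW-DROP: ` are assumptions chosen for illustration.

```conf
# /etc/rsyslog.d/20-firewall.conf
# (hypothetical file name; files in /etc/rsyslog.d/ are read in sorted
# order, so "20-" is evaluated before 50-default.conf)

# Assumes the iptables LOG rule tags its messages with a prefix, e.g.:
#   iptables -A INPUT -j LOG --log-prefix "FW-DROP: " --log-level warning
# ("FW-DROP: " is a constructed prefix, not taken from the page.)

# 1. Write only the tagged firewall messages to the dedicated file.
:msg, contains, "FW-DROP: "    /var/log/firewall.log

# 2. Discard those same messages. "&" reuses the previous filter, "~" is
#    the discard action, so no later rule (/var/log/messages,
#    /var/log/kern.log, /var/log/syslog) ever sees them.
& ~

# For comparison, the facility-based form from the answer. It matches every
# kernel message at priority warning or higher, so unrelated kernel
# warnings would also be moved to firewall.log and dropped from kern.log.
#kern.warning    /var/log/firewall.log
#kern.warning    ~
```

Because the discard applies only to messages containing the prefix, other kernel warnings continue to reach /var/log/kern.log and /var/log/syslog.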
