Hi there! (My first posting to this group)

I have iptables set up with the "default" logging scheme, /var/log/messages. Here's an "iptables -L"-snippet:

    LOG   all -- anywhere anywhere LOG level warning prefix `Drop: '
    DROP  all -- anywhere anywhere

My logfiles look like this:

    Drop: IN=eth1 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=60.191.1.173 DST=aa.bb.cc.dd ../*edited*/ PROTO=UDP SPT=1087 DPT=1434 ...

Which isn't very "nice", or (imho) not very readable.

I am wondering if someone in here does these loggings in another way, and how they then do it. What ways can I make iptables log its traffic?

If anyone has suggestions, good links, tips or explanatory docs on the following "methods", I would really appreciate it:

- Log to a database (whatever DB)
- Log to a file
- Log to a syslog-server

It would be nice to not receive mails with "rtfm iptables", please.

Best regards
Odd Arne Beck
SuSE 9.2-user
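An added example, not part of the original post: one way to make the `Drop: ` lines shown above readable is to split their KEY=VALUE fields and load them into a database that can be queried. The sample lines, the SQLite table layout and the function names are constructed for illustration, and the syslog header layout (timestamp, host, `kernel:`) is an assumption.

```python
import re
import sqlite3

# Constructed sample syslog lines (documentation addresses, not real hosts).
MAC = "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00"
SAMPLE = [
    f"Jan 12 03:14:07 fw kernel: Drop: IN=eth1 OUT= {MAC} SRC=192.0.2.10 DST=198.51.100.5 "
    "LEN=404 TOS=0x00 PREC=0x00 TTL=113 ID=4242 PROTO=UDP SPT=1087 DPT=1434 LEN=384",
    f"Jan 12 03:14:09 fw kernel: Drop: IN=eth1 OUT= {MAC} SRC=192.0.2.77 DST=198.51.100.5 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=777 DF PROTO=TCP SPT=3310 DPT=445 SYN URGP=0",
    "Jan 12 03:14:10 fw sshd[811]: Accepted publickey for admin",
    f"Jan 12 03:14:12 fw kernel: Drop: IN=eth1 OUT= {MAC} SRC=192.0.2.10 DST=198.51.100.5 "
    "LEN=404 TOS=0x00 PREC=0x00 TTL=113 ID=4243 PROTO=UDP SPT=1088 DPT=1434 LEN=384",
]

def parse_line(line, prefix="Drop: "):
    """Parse one syslog line; return None unless it is a LOG line with our prefix."""
    head, sep, body = line.partition(" kernel: ")
    body = re.sub(r"^\[\s*[\d.]+\] ", "", body)  # optional kernel timestamp
    if not sep or not body.startswith(prefix):
        return None
    parts = head.split()
    rec = {"ts": " ".join(parts[:3]), "host": parts[-1] if parts else "", "flags": []}
    for tok in body[len(prefix):].split():
        key, eq, val = tok.partition("=")
        if eq:
            rec.setdefault(key, val)  # UDP repeats LEN=; keep the IP-level one
        else:
            rec["flags"].append(tok)  # bare tokens such as DF or SYN
    return rec

def load(lines, db):
    """Insert every matching line into table 'drops'; return the row count."""
    db.execute("CREATE TABLE IF NOT EXISTS drops (ts TEXT, host TEXT, iface TEXT, "
               "src TEXT, dst TEXT, proto TEXT, spt INTEGER, dpt INTEGER, flags TEXT)")
    recs = [r for r in map(parse_line, lines) if r is not None]
    db.executemany("INSERT INTO drops VALUES (?,?,?,?,?,?,?,?,?)", [
        (r["ts"], r["host"], r.get("IN"), r.get("SRC"), r.get("DST"), r.get("PROTO"),
         r.get("SPT"), r.get("DPT"), " ".join(r["flags"])) for r in recs])
    return len(recs)

def top_ports(db, limit=5):
    """Most frequently dropped (protocol, destination port) pairs."""
    return db.execute("SELECT proto, dpt, COUNT(*) AS n FROM drops GROUP BY proto, dpt "
                      "ORDER BY n DESC, dpt LIMIT ?", (limit,)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load(SAMPLE, db), "rows loaded")
    for row in top_ports(db):
        print(row)
```

Pointing `sqlite3.connect()` at a file path instead of `:memory:` keeps the table between runs.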