I set "--log-level notice" for the FW_LOG variable in firewall2.rc.config and the following rules in /etc/syslog.conf:

*.*;mail.none;news.none;kern.!=notice -/var/log/messages
kern.=notice -/var/log/firewall

It works. The only reason I changed the default "--log-level warn" is because I like to see kernel warnings in /var/log/messages. (or, I use it on SuSE 7.1, but SuSEfirewall2 must be default on SuSE 8.1?)

Thanks,
Vadim

On Wednesday 18 December 2002 14:34, Ryan Allen wrote:
I've been trying to get ONLY FIREWALL messages to go in /var/log/firewall and all the rest of the kernel messages in /var/log/messages. For example, the boot up messages you are supposed to see with the "dmesg" command, which is now cluttered with firewall ACCEPT/DENY messages.
I'm running SuSE 8.1
I've scanned the past archives and found a few ideas, the most promising was adding this to /etc/syslog.conf:
### Got this off the SuSE security mail list.
### Supposed to stuff all firewall messages in /var/log/firewall
### And out of /var/log/messages.
###
### I hope that all the other stuff still goes in /var/log/messages:
##
## - I wanted to get firewall messages in a separate file, so I added an entry
## kern.* - /var/log/firewall to /etc/syslog.conf, but now it logs to BOTH
## files. Any ideas how to cure this?
##
## yup, do this:
*.*;!kern.* - /var/log/messages
kern.* - /var/log/firewall
Okay, so I added that, then for some reason _NO_ kernel messages were getting logged to either file. It also looks to me that this should pipe ALL kernel messages to /var/log/firewall, even the boot up kernel messages.
So, I'm back to ground zero with this:
*.*;mail.none;news.none -/var/log/messages
The only way I can think of to actually do this correctly is to pipe all messages to a perl script, that parses firewall messages into the firewall log and all the rest into messages. Am I out of my mind? I'm getting about a meg of firewall messages a day!
If anybody has any suggestions, please reply!!! Thanks!!
- Ryan
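
Added example, not part of either message: a small Python model of how the two syslog.conf rules in the reply at the top of this thread route messages by facility and priority. It assumes the selector semantics documented in syslog.conf(5) for sysklogd (later selectors override earlier ones, "=" means exactly that priority, "!" negates); the helper names and the sample messages are constructed for illustration.

```python
# Simplified model of sysklogd selector matching (syslog.conf(5)); added example.
PRIS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def selector_matches(selectors, facility, priority):
    """Return True if a 'fac.pri;fac.pri' selector list accepts the message."""
    level = PRIS.index(ALIASES.get(priority, priority))
    accepted = False
    for sel in selectors.split(";"):
        facs, pri = sel.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue                      # selector is for other facilities
        negate = pri.startswith("!")
        pri = pri.lstrip("!")
        exact = pri.startswith("=")
        pri = pri.lstrip("=")
        if pri == "none":                 # facility.none switches the facility off
            accepted = False
            continue
        if pri == "*":
            hit = True
        else:
            want = PRIS.index(ALIASES.get(pri, pri))
            hit = level == want if exact else level >= want
        if hit:
            accepted = not negate         # later selectors override earlier ones
    return accepted

# The two rules from the reply; the leading "-" (no sync per write) is dropped.
RULES = [
    ("*.*;mail.none;news.none;kern.!=notice", "/var/log/messages"),
    ("kern.=notice", "/var/log/firewall"),
]

def route(facility, priority):
    """List the files a message of this facility/priority is written to."""
    return [path for sel, path in RULES if selector_matches(sel, facility, priority)]

# Constructed sample messages: (facility, priority, description).
SAMPLES = [
    ("kern", "notice", "netfilter LOG line written with --log-level notice"),
    ("kern", "warning", "kernel warning"),
    ("kern", "info", "boot-time kernel message"),
    ("daemon", "info", "ordinary daemon message"),
    ("mail", "info", "mail message"),
]

if __name__ == "__main__":
    for fac, pri, what in SAMPLES:
        print(f"{fac}.{pri:8} {what:52} -> {route(fac, pri) or 'neither file'}")
```

The split is by priority only, so any other kernel message emitted at exactly notice also lands in /var/log/firewall, and firewall lines logged at any other level stay in /var/log/messages.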