* Roman Drahtmueller wrote on Wed, Aug 02, 2000 at 03:29 +0200:
The problem is that these logs "from" ipchains actually come from the kernel; ipchains is only used to feed the rules into the kernel. Messages from the kernel are being read by klogd from /proc/kmsg and then forwarded to syslogd. Here's your chance to get hold of the logs: change the
kern.* /var/log/firewall
I assume logging is done using always the same priority, but I've found no hint in the ipchains man page. In this case it should be possible to exchange the wildcard "*" with this priority. I would suggest to name this file "kernel" and not firewall, since IMHO "firewall" is misleading here. In a file firewall I wouldn't expect Harddisk I/O errors and so on. It's a pitty that syslog is to silly to sort by the tag field, but you could make a little (i.e. perl-) Script or some program doing this. Syslogd is able to write down to a named pipe, that could be read out be such a script. What do you think? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.