Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] /var/log/{messages,firewall,warn}
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Wed, 2 Aug 2000 09:51:25 +0200
  • Message-id: <20000802095125.B4034@xxxxxxxxx>
* Roman Drahtmueller wrote on Wed, Aug 02, 2000 at 03:29 +0200:
> The problem is that these logs "from" ipchains actually come from the
> kernel; ipchains is only used to feed the rules into the kernel. Messages
> from the kernel are being read by klogd from /proc/kmsg and then forwarded
> to syslogd. Here's your chance to get hold of the logs: change the

> kern.* /var/log/firewall

I assume logging is done using always the same priority, but I've
found no hint in the ipchains man page. In this case it should be
possible to exchange the wildcard "*" with this priority.

I would suggest to name this file "kernel" and not firewall,
since IMHO "firewall" is misleading here. In a file firewall I
wouldn't expect Harddisk I/O errors and so on. It's a pitty that
syslog is to silly to sort by the tag field, but you could make a
little (i.e. perl-) Script or some program doing this. Syslogd is
able to write down to a named pipe, that could be read out be
such a script. What do you think?

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >