Change iptables log in 9.10

[yeleek]

Hi,

How can i change the log location for Iptables pls in 9.10? 9.10 uses rsyslog now I believe.

http://www.cyberciti.biz/tips/force-...-log-file.html

but thats for syslog.conf instead of rsyslog.

THanks

[yeleek]

Hi,

Found this

http://blog.shadypixel.com/log-iptab...-with-rsyslog/

And so have created

cat iptables.conf which has

Code:

:msg, startswith, "iptables denied: " -/var/log/iptables.log
& ~

However items are still getting logged to messages not /var/log/iptables.log

These are the iptables.rules being restored via iptables-restore - any ideas please?

Code:

# Generated by iptables-save v1.4.1.1 on Wed Jul 15 15:26:08 2009
*filter
:INPUT DROP [712:79941]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [142245:17267585]
:allowed - [0:0]
:existing-connections - [0:0]
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 4 
-A INPUT -j existing-connections 
-A INPUT -j allowed 
-A existing-connections -i lo -j ACCEPT 
-A existing-connections -m state --state ESTABLISHED -j ACCEPT 
-A existing-connections -m state --state RELATED -j ACCEPT 
COMMIT
# Completed on Wed Jul 15 15:26:08 2009
# Generated by iptables-save v1.4.1.1 on Wed Jul 15 15:26:08 2009
*mangle
:PREROUTING ACCEPT [181100:209038881]
:INPUT ACCEPT [174949:207323062]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [142245:17267585]
:POSTROUTING ACCEPT [142254:17270190]
COMMIT
# Completed on Wed Jul 15 15:26:08 2009

[yeleek]

Fixed it - FYI added

Code:

:msg,contains,"iptables" /var/log/iptables.log
& ~
*.info;mail.none;authpriv.none;cron.none /var/log/messages

to /etc/rsyslog.d/50-default.conf

Allows for only iptables alerts to be affected.

[zhashuyu]

Fixed it - FYI added

Code:

:msg,contains,"iptables" /var/log/iptables.log
& ~
*.info;mail.none;authpriv.none;cron.none /var/log/messages

to /etc/rsyslog.d/50-default.conf

Allows for only iptables alerts to be affected.

Can I change the alerts level to lower level like debug ?( My system is ubuntu 10.04 )