#1

Hello

I was trying to set up iptables on my RH 9.0 and enable logging for the rejected packets in a file. However, the log is also being delivered to the console, i.e. /dev/tty. Here is my setup (just for test):

iptables --list >

```
Chain INPUT (policy ACCEPT)
target     prot opt source                 destination
LOG        all  --  localhost.localdomain  localhost.localdomain  LOG level warning
REJECT     all  --  localhost.localdomain  localhost.localdomain  reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source                 destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source                 destination
```

and syslog.conf>

```
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.err                                        /var/log/iptables
kern.*                                          /var/log/kernel

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;local0.!info;mail.none;authpriv.none;cron.none   /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                      /var/log/secure

# Log all the mail messages in one place.
mail.*                                          /var/log/maillog

# Log cron stuff
cron.*                                          /var/log/cron

# Everybody gets emergency messages
#*.emerg                                        *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                  /var/log/spooler

# Save boot messages also to boot.log
local7.*                                        /var/log/boot.log

#madhur ahuja created network log
#local0.error                                   /dev/console
local0.*                                        /var/log/madhur
```

--
Madhur Ahuja [madhur<underscore>ahuja<at>yahoo<dot>com]

Homepage
http://madhur.netfirms.com

#2

"Madhur Ahuja" <(E-Mail Removed)> wrote in message news: (E-Mail Removed)...
> Hello
> I was trying to set up iptables on my RH 9.0 and enable logging
> for the rejected packets in a file. However the log is also being
> delivered to the console i.e. /dev/tty. Here is my setup(just for test)
>
> iptables --list >
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> LOG all -- localhost.localdomain localhost.localdomain LOG level warning
> REJECT all -- localhost.localdomain localhost.localdomain reject-with icmp-port-unreachable
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> and syslog.conf>
>
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> kern.err /var/log/iptables
> kern.* /var/log/kernel
>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;local0.!info;mail.none;authpriv.none;cron.none /var/log/messages
>
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
>
> # Log all the mail messages in one place.
> mail.* /var/log/maillog
>
> # Log cron stuff
> cron.* /var/log/cron
>
> # Everybody gets emergency messages
> #*.emerg *
>
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit /var/log/spooler
>
> # Save boot messages also to boot.log
> local7.* /var/log/boot.log
>
> #madhur ahuja created network log
> #local0.error /dev/console
> local0.* /var/log/madhur
>

Good.

Where is your question?

> --
> Madhur Ahuja [madhur<underscore>ahuja<at>yahoo<dot>com]
>
> Homepage
> http://madhur.netfirms.com

#3

tibo <(E-Mail Removed)> wrote:
> "Madhur Ahuja" <(E-Mail Removed)> wrote in message news:
> (E-Mail Removed)...
> Good.
>
> Where is your question?

Sorry, my question is how can I suppress the output to console. I want the output in the file /var/log/iptables. I have not specified console in /etc/syslog.conf.

What is the standard way of getting log from iptables only, not kernel messages?

--
Madhur Ahuja [madhur<underscore>ahuja<at>yahoo<dot>com]

Homepage
http://madhur.netfirms.com

#4

In comp.os.linux.security Madhur Ahuja <(E-Mail Removed)> wrote:
> Sorry, my question is how can I suppress the output to console.
> I want the output in the file /var/log/iptables. I have not specified
> console in /etc/syslog.conf.
>
> What is the standard way of getting log from iptables only, not kernel
> messages.

This is caused by the default log-level of iptables (kernel generated logged messages) and the klogd daemon default log level. I can't recall what the klogd default is, but you can raise it with the '-c' option in its startup script or (better solution), add '--log-level 7' to your iptable rule.

--
... Tim Rhodes ........................ http://rhodes.cc.vt.edu/~rhodes ..
... NIS-Systems Support, Virginia Tech .............. (E-Mail Removed) ..

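As an added example (not part of the thread and not any poster's code), the sketch below models the two checks discussed above: sysklogd-style selector matching for `/etc/syslog.conf`, and the kernel's comparison of a message's level against the console log level. The function names, the `kern.=debug` variant rule and the console log level of 7 are assumptions for illustration; the value on a given system may differ.

```python
# Added illustration: a simplified model of sysklogd selector matching and of
# the kernel's console log level check. Not code from the thread.
PRI = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, level):
    """True if a syslog.conf selector field accepts (facility, level)."""
    allowed = set()                       # priorities accepted for `facility`
    for part in selector.split(";"):
        facs, _, pri = part.partition(".")
        if "*" not in facs and facility not in facs.split(","):
            continue                      # this part is about other facilities
        negate = pri.startswith("!")
        pri = pri.lstrip("!")
        exact = pri.startswith("=")
        pri = pri.lstrip("=")
        if pri == "none":
            allowed.clear()
            continue
        if pri == "*":
            chosen = set(range(8))
        elif exact:
            chosen = {PRI.index(pri)}
        else:                             # "pri" means this severity or worse
            chosen = set(range(PRI.index(pri) + 1))
        allowed = allowed - chosen if negate else allowed | chosen
    return level in allowed

def destinations(rules, facility, level, console_loglevel=7):
    """Files that receive the message, plus the console if the kernel prints it."""
    out = [path for sel, path in rules if selector_matches(sel, facility, level)]
    if level < console_loglevel:          # kernel prints only levels below this
        out.append("console")
    return out

# Selectors copied from the syslog.conf in the first post (kernel-relevant ones).
POSTED = [("kern.err", "/var/log/iptables"),
          ("kern.*", "/var/log/kernel"),
          ("*.info;local0.!info;mail.none;authpriv.none;cron.none", "/var/log/messages")]
# Constructed variant (assumption): exact-match selector for debug-level messages.
VARIANT = [("kern.=debug", "/var/log/iptables")] + POSTED[1:]

if __name__ == "__main__":
    print(destinations(POSTED, "kern", PRI.index("warning")))   # LOG level warning
    print(destinations(VARIANT, "kern", PRI.index("debug")))    # --log-level 7
```

In this model, the posted `kern.err` selector never receives a warning-level LOG message, while a level 7 message stays off the console. The variant selector would also collect any other kernel message logged at debug level.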