Iptables logging under Debian
Mike Waychison
mike-DlQxw/23Tq2aMJb+Lgu22Q at public.gmane.org
Tue Dec 30 20:06:27 UTC 2003
Walter Dnes wrote:
> I do want to log them, but only to file, not to
> console. I'm using log-level 6, like so...
>
> [0:0] -A UNSOLICITED -j LOG --log-prefix "UNSOLICITED:" --log-level 6
> [0:0] -A UNSOLICITED -j DROP
>
> The manpage is totally useless. I presume I have to use a different
> log-level, but which one ?
>
You need to turn down the kernel's logging to the console. This is done
by the kernel.printk sysctl or by writing to the four values to
/proc/sys/kernel/printk :
echo "5 4 1 5" > /proc/sys/kernel/printk
Where the numbers signify:
(first) - The current minimum loglevel to actually show on the console
(minimum really meaning maximum in that it will print loglevels 1-5 in
the example above).
(second) - the default level of kernel printks that don't specify a loglevel
(third) - the minimum level to log to the console when syslog disables
console logging.
(fourth) - the minimum level to log to the console when syslog reenables
console logging
If you still wanted some other 'info' messages to show up on the
console, then you could manually configure them via /etc/syslog.conf (or
however your next-gen logger is configured).
hth,
Mike Waychison
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 251 bytes
Desc: not available
URL: <http://gtalug.org/pipermail/legacy/attachments/20031230/2f0e9991/attachment.sig>
More information about the Legacy
mailing list