[CentOS] Iptables - flooding console

Steve Clark

sclark at netwolves.com
Mon Aug 1 19:48:31 UTC 2011


On 08/01/2011 03:23 PM, Kenneth Porter wrote:
> --On Wednesday, July 20, 2011 10:44 AM -0500 cbulist at gmail.com wrote:
>
>> We are trying to track some specific rules using  LOG as target.
>> Everything is working well but the problem is that iptables is flooding
>> the console with LOG messages.
> In addition to the other suggestions, you could switch to rsyslog, included
> in CentOS base. It provides much more flexible filtering options. Add a
> unique string to your iptables log lines and match on it to divert all of
> its logs to a separate file (or virtual console).
>
> After switching to rsyslog, my /var/log/messages rarely gets a new message,
> as I've diverted everything to subsystem-specific log files. (Remember to
> add logrotate entries for them so your disk doesn't fill up.)
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
Here is  an example using rsyslog:
note log-level7 is kern.debug

iptables log line:
-A ACCEPTnLOG -m limit --limit 30/min -j LOG --log-level 7  --log-prefix "fw (ACCEPTnLOG) "

part of rsyslog.conf - first don't log kern.debug messages to /var/log/messages
...
*.info;kern.!=debug;mail.none;authpriv.none;cron.none                /var/log/messages
...
#put messages that start with "fw " in /var/log/firewall.log
:msg, startswith, "fw " -/var/log/firewall.log



-- 
Stephen Clark
*NetWolves*
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110801/c72e30fc/attachment-0001.html>


More information about the CentOS mailing list