[CentOS] Iptables - flooding console

Mon Aug 1 19:48:31 UTC 2011
Steve Clark <sclark at netwolves.com>

On 08/01/2011 03:23 PM, Kenneth Porter wrote:
> --On Wednesday, July 20, 2011 10:44 AM -0500 cbulist at gmail.com wrote:
>
>> We are trying to track some specific rules using LOG as target.
>> Everything is working well but the problem is that iptables is flooding
>> the console with LOG messages.
> In addition to the other suggestions, you could switch to rsyslog, included
> in CentOS base. It provides much more flexible filtering options. Add a
> unique string to your iptables log lines and match on it to divert all of
> its logs to a separate file (or virtual console).
>
> After switching to rsyslog, my /var/log/messages rarely gets a new message,
> as I've diverted everything to subsystem-specific log files. (Remember to
> add logrotate entries for them so your disk doesn't fill up.)
>
Here is an example using rsyslog:
Note: log-level 7 is kern.debug

iptables log line:
-A ACCEPTnLOG -m limit --limit 30/min -j LOG --log-level 7  --log-prefix "fw (ACCEPTnLOG) "

part of rsyslog.conf - first don't log kern.debug messages to /var/log/messages
...
*.info;kern.!=debug;mail.none;authpriv.none;cron.none                /var/log/messages
...
#put messages that start with "fw " in /var/log/firewall.log
:msg, startswith, "fw " -/var/log/firewall.log



-- 
Stephen Clark
*NetWolves*
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
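
Added example, not part of the original post and not rsyslog's own code: a small Python model of the two rsyslog.conf rules quoted above, run over constructed messages to show which file each one reaches. It assumes the msg property is exactly the kernel text, with no leading space or timestamp.

```python
# Added example: model of the two rsyslog rules in the post (not rsyslog's own code).
PRI = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, priority):
    """Classic syslog selector: elements apply left to right, later ones override."""
    sev = PRI.index(priority)              # 0 = emerg ... 7 = debug
    matched = False
    for element in selector.split(";"):
        fac, _, pri = element.partition(".")
        if fac != "*" and facility not in fac.split(","):
            continue
        if pri == "none":                  # facility.none drops the facility
            matched = False
            continue
        negate = pri.startswith("!")
        pri = pri.lstrip("!")
        exact = pri.startswith("=")
        pri = pri.lstrip("=")
        if pri == "*":
            hit = True
        elif exact:
            hit = sev == PRI.index(pri)
        else:
            hit = sev <= PRI.index(pri)    # "info" means info and more severe
        if hit:
            matched = not negate
    return matched

# The two rules from the post, in file order.
MESSAGES_SELECTOR = "*.info;kern.!=debug;mail.none;authpriv.none;cron.none"
FW_PREFIX = "fw "

def route(facility, priority, msg):
    """Return every file a message is written to; neither rule stops processing."""
    files = []
    if selector_matches(MESSAGES_SELECTOR, facility, priority):
        files.append("/var/log/messages")
    if msg.startswith(FW_PREFIX):          # assumption: msg has no leading space
        files.append("/var/log/firewall.log")
    return files

# Constructed sample messages (not real log data).
SAMPLES = [
    ("kern", "debug", "fw (ACCEPTnLOG) IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1"),
    ("kern", "warning", "fw (ACCEPTnLOG) IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1"),
    ("kern", "info", "eth0: link up"),
    ("mail", "info", "fw is only a prefix match on msg"),
]

if __name__ == "__main__":
    for fac, pri, msg in SAMPLES:
        print(f"{fac}.{pri:8} {msg[:20]!r:24} -> {route(fac, pri, msg)}")
```

The second sample shows that the startswith rule does not stop processing: a "fw " line logged at warning would be written to both files, while the same line at --log-level 7 reaches only /var/log/firewall.log.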