From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.43)
	id 1Dqau6-0007zO-1q
	for garchives@archives.gentoo.org; Thu, 07 Jul 2005 18:15:18 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j67IDvR0023949;
	Thu, 7 Jul 2005 18:13:57 GMT
Received: from machina.unitedcolo.de (machina.unitedcolo.de [213.202.211.120] (may be forged))
	by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j67IDugW019269
	for <gentoo-user-de@lists.gentoo.org>; Thu, 7 Jul 2005 18:13:56 GMT
Received: by machina.unitedcolo.de (Postfix, from userid 1000)
	id 2F9EC1C7EF8; Thu,  7 Jul 2005 20:13:55 +0200 (CEST)
Date: Thu, 7 Jul 2005 20:13:55 +0200
From: z3rosix@my-mail.ch
To: gentoo-user-de@lists.gentoo.org
Subject: [gentoo-user-de] syslog-ng filtert iptables (nicht)
Message-ID: <20050707181355.GB30176@gmx.de>
Precedence: bulk
List-Post: <mailto:gentoo-user-de@lists.gentoo.org>
List-Help: <mailto:gentoo-user-de+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user-de+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user-de+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user-de.gentoo.org>
X-BeenThere: gentoo-user-de@gentoo.org
Reply-to: gentoo-user-de@lists.gentoo.org
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
User-Agent: Mutt/1.5.8i
X-machina-MailScanner-Information: Please contact the ISP for more information
X-machina-MailScanner: Found to be clean
X-machina-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=0,
	benoetigt 4)
X-localhost-MailScanner-From: z3rosix@my-mail.ch
X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id j67IDugW019269
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by robin.gentoo.org id j67IDvRW023949
X-Archives-Salt: 364aff3f-e930-4691-8cbe-83dbebb887ba
X-Archives-Hash: f119139c3e6ee21fe719219c0641b3b3

sers,

ich hab ein problem mit syslog-ng. Ich m=F6chte das er meine iptables
drops in ein spezielles file (/var/log/iptables) logt. Daf=FCr markier ic=
h
alle gedropten pakete bei iptables mit "-j LOG --log-prefix "iptables: "
"
Beim syslog-ng hab ich eine entsprechende destination, filter usw.
konfiguriert:

destination iptables { file("/var/log/iptables"); };
filter f_iptables { match("iptables:"); };
log { source(src); filter(f_iptables); destination(iptables); };

aus meiner sicht sieht eigentlich alles gut aus, nur irgendwarum landen
die drops immer noch in "/var/log/kern.log".
ich hab die iptables regel auch schon ganz am anfang hingesetzt, weil
ich gelesen hab das der ja nur einmal logt und dann w=FCrde es erkl=E4ren
warums in "kern.log" landet aber auch wenns ganz am anfang steht klappts
nicht.


Wei=DF jemand noch rat?


thx im voraus


greetz

alex

--=20
gentoo-user-de@gentoo.org mailing list