Stephen Clowater | 8 Aug 2003 19:19

Re: Firewall logging and syslog

I'm not sure about syslog, but I use metalog and then edit metalog.conf and
add in the 'kern' facility a line 'command =' and then point it at a bash
script that checks for the log prefix I put in iptables. If it's there, it
appends it to my log file; if not, it disregards it, and the other
directives in the kern facility perform normal logging so as not to
compromise metalog's way of logging things.

I haven't worked with syslog in a while, but if you direct * at a bash
script, you should be able to pick up your log prefixes and append them to
a file.

----- Original Message ----- 
From: "Thomas T. Veldhouse" <veldy <at> veldy.net>
To: <gentoo-security <at> gentoo.org>
Sent: Friday, August 08, 2003 10:43 AM
Subject: [gentoo-security] Firewall logging and syslog

> I am not a syslog expert, so need some help.  I have rules in my firewall
> for logging, but currently, it is all logged into my syslog file.  How do
> I set up syslog to filter them out and put them in a separate file?  Does
> anybody here have a scheme for this?  What I mean is, do you use multiple
> files for various firewall rules?  How did you set this up?
>
> Thanks in advance,
>
> Tom Veldhouse
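
Added example, not part of the original thread and not either poster's script: a sketch of the kind of filter script the reply describes, extended to write one file per log prefix as the question asks. The prefixes, script path and log directory are placeholders, and it assumes metalog passes the date, program name and message to the command as $1, $2 and $3.

```shell
#!/bin/sh
# Added example: route iptables LOG lines to per-rule files by log prefix.
# Assumptions (not from the thread): the prefixes "FW-DROP: " and "FW-SSH: "
# were set with the LOG target's --log-prefix option, the script path and log
# directory are placeholders, and metalog runs the command with the
# arguments: $1 = date, $2 = program name, $3 = message.
#
# metalog.conf, inside the existing kern section:
#   command = "/usr/local/sbin/fw-route.sh"

FW_LOG_DIR="${FW_LOG_DIR:-/var/log/firewall}"

# route_fw_line MESSAGE [DATE]
# Appends the line to the file for its prefix. Returns 1 when no known
# prefix is present, so the caller can disregard the line.
route_fw_line() {
    msg=$1
    stamp=${2:-$(date '+%b %e %T')}
    # Fixed allowlist: the file name never comes from the log text itself.
    case $msg in
        *"FW-DROP: "*) file=drop.log ;;
        *"FW-SSH: "*)  file=ssh.log ;;
        *) return 1 ;;
    esac
    printf '%s %s\n' "$stamp" "$msg" >> "$FW_LOG_DIR/$file"
}

# Entry point when metalog invokes the script with its three arguments.
if [ "$#" -ge 3 ]; then
    umask 027
    mkdir -p "$FW_LOG_DIR"
    route_fw_line "$3" "$1" || exit 0   # non-firewall kernel line: ignore
fi
```

Because the script only appends matching lines and exits quietly otherwise, the kern section's normal logging is left untouched.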