On Thursday, 20 April 2006 08:38, robee wrote:
> when i use -j LOG target, netfilter writes so many information to syslog.
> what can i use to write only IN and OUT interface, SRC and DST host?
Get a syslog-ng up && running.
Create filter to match only entries you are interested in ( iptables --log-prefix "something-unique" + filter { } definition in syslog-ng.conf ).
Try to catch this "prefix" and direct it into pipe ( you can feed some SQL backend with it or write small daemon/script that will read this pipe line by line and extract information that you want to store/you are interested in ).
And also try NOT to log netfilter messages into messages/kernel and so on ( performance reasons ). This can be achieved by using "not match(somestring)" in log {} section.
--
Jakub Wartak
-vnull
The abstract sexuality of Konstanty's chelicerae.
http://vnull.pcnet.com.pl/
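
Added example, not part of the original reply: a minimal reader for the pipe approach suggested above that keeps only IN, OUT, SRC and DST from each prefixed line. The prefix "FW-LOG: ", the host name "fw" and the sample lines are assumptions constructed for illustration.

```python
import re
import sys

PREFIX = "FW-LOG: "  # assumed value given to iptables --log-prefix
WANTED = ("IN", "OUT", "SRC", "DST")
# KEY=value tokens preceded by whitespace; the value may be empty ("OUT=").
# Requiring whitespace skips the "[SRC=..." of a quoted inner packet header.
TOKEN = re.compile(r"(?:^|\s)([A-Z]+)=(\S*)")

# Constructed sample lines in the kernel LOG target's format.
SAMPLE = [
    "Apr 20 08:38:01 fw kernel: FW-LOG: IN=eth0 OUT=eth1 SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40000 DPT=22 SYN",
    "Apr 20 08:38:02 fw kernel: FW-LOG: IN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 "
    "DST=192.0.2.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0",
    "Apr 20 08:38:03 fw kernel: FW-LOG: IN=eth1 OUT=eth0 SRC=198.51.100.7 "
    "DST=192.0.2.10 LEN=88 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=60 PROTO=UDP SPT=40000 DPT=53 LEN=40 ]",
    "Apr 20 08:38:04 fw sshd[123]: unrelated line without the prefix",
]


def extract(line):
    """Return IN/OUT/SRC/DST of a prefixed netfilter line, or None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    fields = {}
    for key, value in TOKEN.findall(rest):
        fields.setdefault(key, value)  # outer header comes first; keep it
    if "SRC" not in fields or "DST" not in fields:
        return None  # truncated or malformed entry
    return {key: fields.get(key, "") for key in WANTED}


def main():
    # Read the FIFO (or file) named on the command line; without an
    # argument, run over the constructed SAMPLE lines instead.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for line in source:
        rec = extract(line)
        if rec:
            print(" ".join(f"{k}={rec[k]}" for k in WANTED))


if __name__ == "__main__":
    main()
```

OUT is empty for packets logged in the INPUT chain, and ICMP error entries carry a second, bracketed SRC/DST pair for the quoted inner packet; the reader keeps the outer pair.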