# How do I stop iptables logs going into dmesg?

## Robert S

I have just installed iptables - I'm going to use it to block incoming connections (I've already got a hardware firewall :) ). I use syslog-ng and currently all logs go into /var/log/messages. I want to keep iptables logs out of this file and out of dmesg. I've managed to get iptables logs out of /var/log/messages by using this rule:

```
iptables -A INPUT -i eth0 -m limit --limit 1/sec -j LOG --log-prefix "iptables "
```

and putting this into /etc/syslog-ng/syslog-ng.conf

```
options {
        long_hostnames(off);
        sync(0);
        stats(43200);
};

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };
destination iptables { file("/var/log/iptables.log"); };

filter f_iptables { match("iptables "); };

log { source(src); filter(f_iptables); destination(iptables); flags(final); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
```

All seems to be fine - the logs turn up into /var/log/iptables.log, but they still appear when I do "dmesg".  How do I stop this??

P.S. Can anybody point me to a SIMPLE script to start up iptables?  I don't need to do routing or NAT.  Most of the "simple" ones around are horrifically complex.

----------

## ikaro

Might be what you were asking, but with shorewall you can use ULOG in an easy way.

PS: remember to compile ulog in the kernel as well :)

----------

## Robert S

I'd like to keep it simple and avoid shorewall if possible.  I'll have a little look at shorewall on a "test" machine however.

----------

## Robert S

I've fixed it without using shorewall. It's very easy to configure and run ulogd.

----------

## ikaro

You could post how you fixed it; usually it's good manners ;)

So the next person can find a solution by searching the forums.

----------

## Robert S

OK. Good thinking. It's so easy that it's almost not necessary to do this.

```
# emerge ulogd

# Edit /etc/ulogd.conf thus:
nlgroup 1
logfile /var/log/ulogd.log
loglevel 5
rmem 131071
bufsize 150000
plugin /usr/lib64/ulogd/ulogd_BASE.so
syslogfile /var/log/ulogd.syslogemu
syslogsync 1
plugin /usr/lib64/ulogd/ulogd_LOGEMU.so
dumpfile /var/log/ulogd.pktlog
pcapfile /var/log/ulogd.pcap
pcapsync 1

# Start it!
/etc/init.d/ulogd start
```

That's all!! You can also send logs to mysql. I won't bother with this.

I'll get logrotate to rotate logs daily and will do a script which will report any output every day.  I'd like to do something that doesn't just output lines of identical output, but prints each line of output and how many times it appeared.  Suggestions???

----------
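
For the daily report asked about above (each distinct line once, with how many times it appeared), one approach is to reduce every entry to its stable fields and count those. This is an added example, not code from any poster in the thread; the sample lines are constructed and abbreviated, and the choice of grouping fields (IN, SRC, DST, PROTO, DPT) is an assumption.

```python
import re
import sys
from collections import Counter

# Constructed, abbreviated sample in the syslog-style layout of
# /var/log/ulogd.syslogemu; host name and addresses are made up.
SAMPLE = """\
Mar  3 04:12:00 gw ulogd started
Mar  3 04:12:01 gw iptables IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4711 PROTO=TCP SPT=40112 DPT=22 SYN
Mar  3 04:12:02 gw iptables IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4712 PROTO=TCP SPT=40113 DPT=22 SYN
Mar  3 04:12:09 gw iptables IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.255 LEN=78 TTL=120 ID=9 PROTO=UDP SPT=137 DPT=137
Mar  3 04:13:30 gw iptables IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4720 PROTO=TCP SPT=40150 DPT=22 SYN
Mar  3 04:14:02 gw iptables IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=55 ID=77 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
# Fields that identify "the same event". Timestamp, ID, SPT, TTL and so on
# change per packet and would make every line unique.
KEYS = ("IN", "SRC", "DST", "PROTO", "DPT")

def signature(line):
    """Return the tuple of stable fields, or None for a non-packet line."""
    fields = {}
    for key, value in FIELD.findall(line):
        # Keep the first occurrence: ICMP error entries repeat SRC=/DST=
        # for the embedded inner packet, which must not override the outer.
        fields.setdefault(key, value)
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    if fields["PROTO"] == "ICMP":
        fields["DPT"] = "type" + fields.get("TYPE", "?")  # no ports in ICMP
    return tuple(fields.get(k) or "-" for k in KEYS)

def summarize(lines):
    """Count entries per signature, most frequent first."""
    counts = Counter(s for s in map(signature, lines) if s is not None)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

def report(lines):
    fmt = "%6d  in=%s src=%s dst=%s proto=%s dpt=%s"
    return [fmt % ((n,) + sig) for sig, n in summarize(lines)]

if __name__ == "__main__":
    # Pass a log path as the first argument; with none, the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(report(text.splitlines())))
```

Run from a daily cron job against the rotated file, this prints one line per distinct source/destination/port combination instead of one line per packet.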

## Takk

If you need a simple IPTables configuration file, try this site:

http://www.netfilter.org/documentation/index.html#documentation-howto

About the other thing, I'm building a PHP application that does iptables log analysis for my final graduation project. I'll place a copy on my homepage when finished. There are lots of good tools that do so, but I don't remember any now.

----------

## rogerx

This ulog tip should be incorporated into the Gentoo Shorewall Wiki ... if it really solves the shorewall logs > dmesg issue.

FYI: This *is* a faq concerning Shorewall.

----------

