# syslog-ng missing facility/priority?

## bart

Before I started using syslog-ng, I used good old default syslogd. That one captured all the packages detected by my iptables firewall. I don't know what facility/priority, but they were shown in my logfiles.

The default syslog-ng configuration doesn't show them, so I wrote my own configuration to split up all the facilities and priorities (yes, that's a really big configuration file :) )

Now my /var/log is full of different logfiles, but the packages blocked by iptables are still not shown.

The priorities I use are: auth, authpriv, cron, daemon, ftp, kern, local0..7, lpr, mail, news, user and uucp. The levels are: debug, info, notice, warning, err, crit, alert and emerg (emerg without an 'e'! Wow, that's strange :) ).

Am I missing something?

Formerly it worked without the '--log-level' option for iptables. I tried some of the levels but they still don't appear.

----------

## bart

I remember, iptables logs with kern.warning by default. Why don't they appear in my /var/log/kern_warning???

----------

## bart

Ooops. I forgot a source...

```
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };  # <== !
```

But still a question: The default configuration didn't show them. I think it is because kern-messages with priority warning and lower aren't logged by default. With good old klogd there was an option '-c <loglevel>'. By default the loglevel is 5, but I set it to 4 (to include the netfilter warnings).

How can we change the minimum loglevel for kernel messages?

----------

## kang_

i use syslog-ng and my iptables hits output to kern.*

this is by default i think

check /var/log/kern.log

check that you are effectively logging the firewall hits in iptables

personally i created a chain for this

```
$IPTABLES -N drop-and-log-it
$IPTABLES -A drop-and-log-it -j LOG --log-level info
$IPTABLES -A drop-and-log-it -j DROP
```

and use it as target for dropped packets:

```
$IPTABLES -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it
```

(this is an example of course)

----------
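An added example, not code from any poster in this thread: a small Python check that decodes the `<N>` prefix the kernel puts on each `/proc/kmsg` line into the facility.level selector the thread is asking about, and pulls the netfilter fields out of LOG lines. The function names and the sample lines are constructed for illustration.

```python
import re

# Syslog severity names indexed by numeric level (0 = emerg ... 7 = debug).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Subset of syslog facility codes; kernel messages are facility 0.
FACILITIES = {0: "kern", 1: "user", 3: "daemon", 4: "auth"}

KMSG_RE = re.compile(r"^<(\d{1,3})>(.*)$")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_kmsg(line):
    """Split a /proc/kmsg style line into (selector, prefix, fields)."""
    m = KMSG_RE.match(line.strip())
    if not m:
        return None  # no <N> prefix: not a kernel log record
    pri = int(m.group(1))
    facility, level = divmod(pri, 8)  # PRI = facility * 8 + severity
    selector = f"{FACILITIES.get(facility, str(facility))}.{LEVELS[level]}"
    text = m.group(2)
    if "IN=" not in text or "OUT=" not in text:
        return selector, "", {}  # kernel message, but not a netfilter LOG line
    # Anything before IN= is the optional --log-prefix text.
    prefix, _, rest = text.partition("IN=")
    fields = dict(FIELD_RE.findall("IN=" + rest))
    return selector, prefix.strip(), fields


# Constructed sample lines (not taken from the thread).
SAMPLES = [
    "<4>IN=eth0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=23",
    "<6>fw-drop: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=UDP SPT=5353 DPT=137",
    "<6>eth0: link up",
]


def summarize(lines):
    """Return one (selector, source address, destination port) tuple per firewall hit."""
    hits = []
    for line in lines:
        parsed = parse_kmsg(line)
        if parsed and parsed[2]:
            selector, _, f = parsed
            hits.append((selector, f.get("SRC"), f.get("DPT")))
    return hits


if __name__ == "__main__":
    print(summarize(SAMPLES))
```

The first sample lands in kern.warning and the second, logged with `--log-level info`, in kern.info, so a per-level file layout needs a matching file for whichever level the LOG rule uses.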

