On Tue, Apr 10, 2001 at 05:48:41PM -0500, andy at theasis.com wrote:
> I'm running a 2.4.2 firewall box with IPtables, and would like to
> change some of the logging behavior, but don't find much help in the
> man pages...
> 
> First, the default logfile is /var/log/messages. How do I configure
> it to dump all logs into, e.g., /var/log/firewall?

I believe you can choose the facility and the level of the log report.
Use that to filter your messages in your syslog.conf setup.  If you
want to get fancy, use syslog-ng or a similarly enhanced logging
daemon to make use of regular expressions as well.

> Second, I'm getting regular periodic pings from a particular source
> to the firewall. How do I tell iptables to skip logging on only pings
> from that source to the firewall (but log all others)?

Leave your original LOG rule in place, but place a DENY rule
preceding it to match the source IP address of the offending machine.
If you happen to have more than one of these annoying machines pinging
you, place them all in a separate chain and put a rule at the top of
your INPUT or FORWARD chains. 

They call these blacklists. ;-)

-- 
Chad Walstrom <chewie at wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
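
The setup discussed in this thread, as an added example that is not part of the original post: a separate chain that silently drops pings from known noisy sources, jumped to from the top of INPUT so it is evaluated before the LOG rule, plus a syslog.conf selector that sends the LOG output to /var/log/firewall. Assumptions: the addresses are constructed documentation values, NOISY_PING and the "FW:" prefix are hypothetical names, DROP is used as the iptables target for discarding packets, and the syslog daemon accepts sysklogd-style selectors.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Constructed values: 192.0.2.10/.11 stand in for the noisy hosts;
# NOISY_PING and the "FW:" log prefix are hypothetical names.
NOISY_SOURCES="192.0.2.10 192.0.2.11"

# Dry run by default: print each command. Set APPLY=1 (as root) to run them.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

# General LOG rule. Skip this call if your ruleset already has one.
# The LOG target's messages come from the kernel, so syslog sees them
# under the kern facility at the level chosen here.
log_rule() {
    ipt -A INPUT -j LOG --log-level debug --log-prefix "FW:"
}

# Blacklist chain: one silent DROP per noisy source.
blacklist_rules() {
    ipt -N NOISY_PING
    for src in $NOISY_SOURCES; do
        ipt -A NOISY_PING -s "$src" -j DROP
    done
    # Rules are evaluated top-down, so the jump goes in at position 1,
    # ahead of the LOG rule. Only echo-requests are diverted; pings from
    # other sources fall off the end of NOISY_PING, return to INPUT and
    # still reach the LOG rule.
    ipt -I INPUT 1 -p icmp --icmp-type echo-request -j NOISY_PING
}

# Line for /etc/syslog.conf: kernel messages at exactly debug priority go
# to their own file. A "*.info" selector does not match debug, so a
# /var/log/messages entry written that way stops receiving these lines.
syslog_line() {
    printf 'kern.=debug\t/var/log/firewall\n'
}

log_rule
blacklist_rules
syslog_line
```

Other kernel messages logged at debug priority land in the same file; the log prefix is what lets you pick out the firewall lines.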
