> > I'm running a 2.4.2 firewall box with IPtables, and would like to
> > change some of the logging behavior, but don't find much help in the
> > man pages...
> > 
> > First, the default logfile is /var/log/messages. How do I configure
> > it to dump all logs into, e.g., /var/log/firewall?
> 
> I believe you can choose the facility and the level of the log report.
> Use that to filter your messages in your syslog.conf setup.  If you

OK, I'll dig around in syslog and try to figure out how to identify
firewall log stuff and redirect it from there. 

> want to get fancy, use syslog-ng or a similarly enhanced logging
> daemon to make use of regular expressions as well.

Maybe later, but thanks for the suggestion. 

> > Second, I'm getting regular periodic pings from a particular source
> > to the firewall. How do I tell iptables to skip logging on only pings
> > from that source to the firewall (but log all others)?
> 
> Leave your original LOG rule in place, but place a DENY rule
> preceding it to match the source IP address of the offending machine.
> If you happen to have more than one of these annoying machines pinging
> you, place them all in a separate chain and put a rule at the top of
> your INPUT or FORWARD chains. 
> 
> They call these blacklists. ;-)

Don't want to blacklist it. I want to allow it -- it's from a known host,
and the pings are in fact something I want going on. But all the important
information is being stored at the source. 

All I want to do is tell iptables not to log those. However, if I get
pinged from some other source, I want to know about it, so that I might
choose to blacklist those. 

Thanks, 

Andy
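
An added example, not part of the original message or the quoted replies: a shell sketch that prints (does not apply) iptables commands putting an ACCEPT rule for the known host ahead of the ping LOG rule, plus a syslog.conf line that sends the LOG rule's messages to /var/log/firewall. The address 192.0.2.10, the prefix "FW-PING: " and the choice of level debug are assumptions; the LOG target sets only the level (--log-level), and its messages arrive on the kern facility.

```shell
#!/bin/sh
# Added example (not from the thread): print the rules, do not apply them.
# TRUSTED_HOSTS is a constructed placeholder list (documentation address range).
TRUSTED_HOSTS="${TRUSTED_HOSTS:-192.0.2.10}"

# Print iptables commands for the INPUT chain.
# ACCEPT is a terminating target: a ping from a trusted host stops at its
# ACCEPT rule and never reaches the LOG rule further down the chain.
# LOG is non-terminating: every other ping is logged and then continues
# to whatever rules (or chain policy) follow.
emit_rules() {
    for host in "$@"; do
        # -I INPUT 1 inserts at the top, ahead of any existing LOG rule.
        printf 'iptables -I INPUT 1 -p icmp --icmp-type echo-request -s %s -j ACCEPT\n' "$host"
    done
    # Log all remaining pings at level debug with a recognisable prefix.
    printf '%s\n' 'iptables -A INPUT -p icmp --icmp-type echo-request -j LOG --log-level debug --log-prefix "FW-PING: "'
}

# Print the syslog.conf selector that matches the rule above.
# "kern.=debug" selects kernel messages at exactly level debug; selector and
# file name are separated by a tab.
emit_syslog_conf() {
    printf 'kern.=debug\t/var/log/firewall\n'
}

# Word splitting of TRUSTED_HOSTS is intentional: one ACCEPT rule per host.
emit_rules $TRUSTED_HOSTS
emit_syslog_conf
```

Review the printed commands before piping them to sh as root; if INPUT already has a ping LOG rule, add --log-level to that rule instead of appending a second one. Any other kernel message at level debug will land in the same file.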