Hi,

On Thu, Sep 19, 2024 at 02:35:24PM +0000, fxkl4...@protonmail.com wrote:
> in my iptables i have    tcp LOG flags 0 level 4 prefix "REJECT: "
> this does what i want but how to direct the logging
> it gets written to multiple file in /var/log
> syslog, messages, kern, debug
> can i restrict this to a single file

If you install a more flexible logging system than journald, such as
rsyslog or syslog-ng, you can match by regex in order to direct log
lines to different places.

I also use ulogd2 to direct iptables logging to different places. I
haven't yet written up what I do for nftables but here is something
I wrote up years ago for iptables and it wasn't hard to adapt for
nftables:

    https://strugglers.net/posts/2021/keeping-firewall-logs-out-of-linuxs-kernel-log-with-ulogd2/

There are of course many other resources online for using ulogd2.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
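
The rsyslog approach mentioned in the reply above, as an added example that is not part of the original message: a drop-in rule that sends lines with the "REJECT: " prefix to one file only. The drop-in file name and the log file path are assumptions, as is the layout where files in /etc/rsyslog.d/ are loaded ahead of the default rules that write syslog, messages, kern.log and debug.

```conf
# /etc/rsyslog.d/10-iptables-reject.conf   (file name is an assumption)
#
# Match kernel-facility messages that carry the iptables LOG prefix
# "REJECT: ", write them to one dedicated file, then stop processing
# so that later rules do not copy them into the other log files.
#
# "contains" is used rather than "startswith" because the kernel may
# put a "[12345.678901] " timestamp in front of the prefix.
if ($syslogfacility-text == "kern" and $msg contains "REJECT: ") then {
    # Output path is an assumption; pick any file rsyslog can write to.
    action(type="omfile" file="/var/log/iptables-reject.log")
    # Discard the message here so no later rule sees it.
    stop
}
```

rsyslog has to be restarted to pick up the rule, and the new file needs its own logrotate entry because the existing rotation rules do not cover it.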
