I have a line:
kern.=info /var/log/ipchains
in my /etc/syslog.conf file to route ipchains packet forwarding information
to the given file. This is working well. However... the same information
is *still* going to /var/log/messages, and I do not want this to happen.
I monitor the traffic with a cron-run script that I am attaching to make
sure that the employees are doing work-related things on the web.
Anyway, can someone tell me how to stop the kern.=info logging from also
going to /var/log/messages?
Thanks.
Lee Howard
LOCAL_IP_PREFIX='192.168.1.'
LOCAL_IP_LIST='1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16'
IPCHAINS_LOG=/home/deanox/ipchains
SYSTNAME=conan
LOG_DIR=/root/dnstran-1.3b2/ipfwd-log
DNS_TRANS=/root/dnstran-1.3b2/dnstran
[EMAIL PROTECTED]
if [ -f $IPCHAINS_LOG ]; then
rm -f $LOG_DIR/*
for LOCAL_IP in $LOCAL_IP_LIST; do
grep $LOCAL_IP_PREFIX$LOCAL_IP: $IPCHAINS_LOG | \
sed "s/....$SYSTNAME kernel.*PROTO=[0-9]//g" | \
sed "s/....$SYSTNAME kernel.*PROTO=1[0-9]//g" | \
sed 's/L=.*//g' | \
sed 's/\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\):[0-9]*/\1/g' | \
sed "s/$LOCAL_IP_PREFIX$LOCAL_IP//g" | \
sort | uniq --skip-fields=3 > $LOG_DIR/ipfwd$LOCAL_IP
$DNS_TRANS $LOG_DIR/ipfwd$LOCAL_IP >/dev/null
if [ -s $LOG_DIR/ipfwd$LOCAL_IP.out ]; then
cat $LOG_DIR/ipfwd$LOCAL_IP.out | \
mail -s "$SYSTNAME IP Forwarding Log for $LOCAL_IP_PREFIX$LOCAL_IP"
$MAILTO
fi
done
rm -f $IPCHAINS_LOG
touch $IPCHAINS_LOG
fi
