Re: ipchains packet monitoring

Fri, 10 Nov 2000 13:07:13 -0800 

A full dump of your /etc/syslog.conf would be appropriate.  You could
possibly have a '*' somewhere to indicate everything...

Marco

----- Original Message -----
From: "Lee Howard" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 10, 2000 3:54 PM
Subject: ipchains packet monitoring


> I have a line:
> kern.=info                  /var/log/ipchains
> in my /etc/syslog.conf file to route ipchains packet forwarding
information
> to the given file.  This is working well.  However... the same information
> is *still* going to /var/log/messages, and I do not want this to happen.
>
> I monitor the traffic with a cron-run script that I am attaching to make
> sure that the employees are doing work-related things on the web.
>
> Anyway, can someone tell me how to stop the kern.=info logging from also
> going to /var/log/messages?
>
> Thanks.
>
> Lee Howard
>
>


----------------------------------------------------------------------------
----


> LOCAL_IP_PREFIX='192.168.1.'
> LOCAL_IP_LIST='1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16'
> IPCHAINS_LOG=/home/deanox/ipchains
> SYSTNAME=conan
> LOG_DIR=/root/dnstran-1.3b2/ipfwd-log
> DNS_TRANS=/root/dnstran-1.3b2/dnstran
> [EMAIL PROTECTED]
>
> if [ -f $IPCHAINS_LOG ]; then
> rm -f $LOG_DIR/*
> for LOCAL_IP in $LOCAL_IP_LIST; do
> grep $LOCAL_IP_PREFIX$LOCAL_IP: $IPCHAINS_LOG | \
> sed "s/....$SYSTNAME kernel.*PROTO=[0-9]//g" | \
> sed "s/....$SYSTNAME kernel.*PROTO=1[0-9]//g" | \
> sed 's/L=.*//g' | \
> sed 's/\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\):[0-9]*/\1/g' | \
> sed "s/$LOCAL_IP_PREFIX$LOCAL_IP//g" | \
> sort | uniq --skip-fields=3 > $LOG_DIR/ipfwd$LOCAL_IP
> $DNS_TRANS $LOG_DIR/ipfwd$LOCAL_IP >/dev/null
> if [ -s $LOG_DIR/ipfwd$LOCAL_IP.out ]; then
> cat $LOG_DIR/ipfwd$LOCAL_IP.out | \
> mail -s "$SYSTNAME IP Forwarding Log for $LOCAL_IP_PREFIX$LOCAL_IP"
$MAILTO
> fi
> done
> rm -f $IPCHAINS_LOG
> touch $IPCHAINS_LOG
> fi
>


----------------------------------------------------------------------------
----


>
>



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to