[Logcheck-users] filtering out iptables messages

Milan Andric mandric at gmail.com
Thu Aug 13 19:43:11 UTC 2009


2009/8/13 Frédéric Brière <fbriere at fbriere.net>:
> Milan Andric <mandric at gmail.com> wrote:
>> Aug  7 10:35:17 slice kernel: iptables denied: IN=eth0 OUT=
>
> I'm guessing these are being raised as security events, due to the
> presence of "denied".
>
>> hourly email.  Adding the regex to
>> /etc/logcheck/ignore.d.server/kernel does not work.  Yet when I use
>
> You'll have to add that rule to violations.ignore.d/local-kernel for it
> to take effect.  (You might want to leave a copy in ignore.d.server,
> since logcheck-database 1.3.x will no longer treat these as security
> events.)

Frédéric, I only have a violations.ignore.d/logcheck-kernel.  Will try there.

>
>
> P.S.: Am I right in assuming that the only reason these show up in your
> logs is because you're using the "-j LOG" option?
>

If there was a way to not log these iptables denies I should consider
that because it does clutter up my logs in general. I'm not sure if
it's useful or not in the long run to have those around.  Will look
into -j LOG ... where does that option go?  To logcheck command or
iptables?

Thanks!

--
Milan
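
Added example (not part of the original message and not logcheck's own code): a simplified shell model of the rule layering discussed above, showing why a rule placed only in ignore.d.server does not silence a line that a violations.d pattern has already raised. The `classify` and `demo` functions, the "denied" raising pattern, and the ignore regex are assumptions constructed for illustration; the fall-through from violations.ignore.d to the ignore.d.server check is modelled as assumed behaviour.

```shell
#!/bin/sh
# Simplified model of logcheck's rule layering (an assumption of this example:
# cracking.d is omitted and the rule contents are constructed for illustration).
# Arguments after the log line are files of extended regexes, one per line.
classify() {
    line=$1; viol=$2; viol_ignore=$3; sys_ignore=$4
    if printf '%s\n' "$line" | grep -Eq -f "$viol" &&
       ! printf '%s\n' "$line" | grep -Eq -f "$viol_ignore"; then
        # Raised by violations.d and not cancelled by violations.ignore.d:
        # reported as a security event; ignore.d.server is never consulted.
        echo "security event"
    elif printf '%s\n' "$line" | grep -Eq -f "$sys_ignore"; then
        echo "ignored"
    else
        echo "system event"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # Log line from the thread; the regex below is a constructed ignore rule.
    line='Aug  7 10:35:17 slice kernel: iptables denied: IN=eth0 OUT='
    rule='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: iptables denied: '
    echo 'denied' > "$dir/violations"    # assumed raising pattern
    : > "$dir/empty"                     # stands for "no matching rule here"
    printf '%s\n' "$rule" > "$dir/rule"

    printf 'rule in ignore.d.server only:     %s\n' \
        "$(classify "$line" "$dir/violations" "$dir/empty" "$dir/rule")"
    printf 'rule in violations.ignore.d only: %s\n' \
        "$(classify "$line" "$dir/violations" "$dir/rule" "$dir/empty")"
    printf 'rule in both locations:           %s\n' \
        "$(classify "$line" "$dir/violations" "$dir/rule" "$dir/rule")"
    rm -rf "$dir"
}

demo
```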


