On Thu, 31 Jan 2002 Benjamin.Feinsteinat_private wrote:

> Hey y'all,
>
> Assuming iptables uses klogd to log its messages to /var/log/messages, is
> there a way to specify the format of the timestamp that klogd prepends to a
> log message? The logging daemon is prepending a timestamp of "MMM dd
> hh:mm:ss", but I need to have the "yyyy" in the timestamp as well.

The standard (cf. RFC3164) output is Mmm dd hh:mm:ss (as you say).

But you could change the output of syslogd or klogd by changing the source code. You can also check the current time and check the difference to guess the year.

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/ipfc/ipfc/src/db-backend/db-backend-daemon/process_transport_syslog_line.pl?rev=1.1&content-type=text/vnd.viewcvs-markup

ok, it's not very clean but it works ;-)

> Additionally, does anyone know how to get iptables to log to a logging
> facility other than "kernel"? I am aware of the ULOG target, but I have read
> that ULOG should not be used as a matching target for any significant amount
> of logging. Anybody have experience using the ULOG target, good or bad?
>
> I'm using klogd 1.4.1 and iptables 1.2.5 on a RH 7.2 box w/ kernel 2.4.17.

Yes, iptables uses the facility kern at priority warning (4). You can recompile iptables, changing the facility in the source code. You can also use the LOG prefix if you want to redirect the iptables logging (with some regular expression with syslog-ng, for example).

For ULOG, I don't use it.

Hope this helps

alx

--
Alexandre Dulaunoy adulauat_private http://www.conostix.com/
This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 12:53:02 PST
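
The year-guessing approach mentioned in the reply (compare the stamp with the current time), as an added Python example; it is not the linked Perl script or code from the thread. The one-day skew tolerance, the sample lines and the `IPT-DROP: ` prefix are assumptions.

```python
from datetime import datetime, timedelta

# Assumptions: stamps are in the same time zone as `now`, month names are
# English (C locale), and lines are processed within about a year of logging.
MAX_FUTURE_SKEW = timedelta(days=1)  # tolerated clock skew between hosts

def infer_year(stamp, now, skew=MAX_FUTURE_SKEW):
    """Turn an RFC 3164 'Mmm dd hh:mm:ss' stamp into a full datetime.

    Chooses the latest year that does not put the stamp later than
    now + skew, which covers the Dec -> Jan rollover and Feb 29.
    """
    fields = stamp.split()  # single-digit days are space padded: 'Jan  1'
    if len(fields) != 3:
        raise ValueError("not an RFC 3164 timestamp: %r" % stamp)
    for year in range(now.year + 1, now.year - 9, -1):
        try:
            candidate = datetime.strptime(
                "%d %s %s %s" % (year, *fields), "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # e.g. Feb 29 in a non-leap year: try an earlier year
        if candidate <= now + skew:
            return candidate
    raise ValueError("cannot place timestamp: %r" % stamp)

def stamp_line(line, now):
    """Split a syslog line into (datetime with year, rest of the line)."""
    return infer_year(line[:15], now), line[16:]

# Constructed sample lines; "IPT-DROP: " is a hypothetical --log-prefix value.
SAMPLE = [
    "Dec 31 23:59:58 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=1025 DPT=23",
    "Jan 31 12:40:11 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.1 PROTO=UDP SPT=53 DPT=1030",
]

if __name__ == "__main__":
    now = datetime(2002, 1, 31, 12, 53, 2)  # fixed so the output is repeatable
    for line in SAMPLE:
        when, rest = stamp_line(line, now)
        print(when.isoformat(" "), rest)
```

When replaying archived logs, pass the file's modification time (or the time of the last known entry) as `now` instead of the wall clock, otherwise old entries are pulled forward into the most recent year.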