Further adventures in Firewall upgrades
Duston, Hal
hdusto01 at sprintspectrum.com
Mon Apr 8 21:47:34 CDT 2002
Brian Densmore [mailto:DensmoreB at ctbsonline.com] wrote:
>
> > ...so why not add code to iptables to log directly to
> > a remote syslog server? I can't imagine it would take
> > more than 200 lines of code, including command parsing,
> > data structures, and syslog packet generation.
>
> Not necessary to code. You can add iptables rules to log
> and the init script for iptables can tell it where to
> log. Still I can't imagine using this, unless you never
> have to worry about changes.
Well, the way the kernel does logging is to make data
available in a buffer. syslogd is a user-space app which
reads this buffer, and writes it where you have told it.
Since there is no userspace running, you would need to do
this in kernelspace. ksyslogd anybody?
Hal