On Mon, 25 Oct 1999, Daniel Folkinshteyn wrote:
> hey,
> i am looking for a way to limit the amount of logging that syslog will do
> for ipchains packets, e.g. a certain amount of log entries per rule
> number, or a certain amount of log entries from ipchains per certain
> amount of time....
I don't know a great way to do this automatically. Ideally, you'd like to
have the syslog facility provide this functionality for you, but to my
knowledge, it doesn't. (Could be wrong on this...)
Take a look at 'syslog-ng' at http://www.balabit.hu/products/syslog-ng/;
it supports more sophisticated differentiation among logged info than the
standard syslogd, and even if it doesn't do specifically what you want,
you might be able to get it to solve your higher-level problem. For
example, you could log ipchains stuff to a particular file and then trim
that file more frequently than /var/log/syslog.
Shawn
This archive was generated by hypermail 2b29 : Wed Apr 27 2005 - 03:30:03 EDT