Advice and answers from the Dome9 Security Team

All Collections
Knowledge Base
Dome9 Agent iptables logging configuration with syslog-ng

Dome9 Agent iptables logging configuration with syslog-ng

Written by Dome9 Support Team
Updated over a week ago

Dome9 Agent version 1.6 and above supports configuration of local logging policy. The following guide will help you configure Dome9 logging with the powerful syslog-ng daemon.

  1. Locate the syslog-ng.conf file, usually under /etc/syslog-ng/ and edit it.
  2. Add a destination file for iptables logs at the bottom section, just before the final include and add these 3 lines
    destination iptables { file("/var/log/iptables"); };
    filter f_iptables { facility(kern) and match ("DOME9_" value("MESSAGE")); };
    log { source(s_src); filter(f_iptables); destination(iptables); };
    * note that s_src is your general source directive as defined in the syslog-ng.conf
  3. Filter out the iptables messages from messages, syslog and kern.log by locating their respected lines in the conf and and adding  and not filter(f_iptables)  as shown below:
    filter f_messages { not facility(auth, authpriv, kern) and not filter(f_iptables); };
  4. Restart syslog-ng
    service syslog-ng restart
Did this answer your question?