Dome9 Agent version 1.6 and above supports configuration of local logging policy. The following guide will help you configure Dome9 logging with the powerful syslog-ng daemon.
- Locate the syslog-ng.conf file, usually under /etc/syslog-ng/, and edit it.
- Add a destination file for iptables logs in the bottom section, just before the final include, by adding these 3 lines:
destination iptables { file("/var/log/iptables"); };
filter f_iptables { facility(kern) and match ("DOME9_" value("MESSAGE")); };
log { source(s_src); filter(f_iptables); destination(iptables); };
* Note that s_src is your general source directive as defined in syslog-ng.conf.
- Filter out the iptables messages from messages, syslog and kern.log by locating their respective lines in the conf and adding "and not filter(f_iptables)", as shown below:
filter f_messages { not facility(auth, authpriv, kern) and not filter(f_iptables); };
- Restart syslog-ng:
service syslog-ng restart
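
One way to confirm the edits above before restarting, as an added example that is not part of the Dome9 guide: a shell function that checks a syslog-ng.conf for the three added lines and for the exclusion in each named filter. The function names are hypothetical, it assumes each directive sits on one line as shown above, and filter names other than f_messages vary by distribution.

```shell
#!/bin/sh
# Added example (not from the Dome9 guide): verify the syslog-ng edits.
# Usage: check_dome9_logging CONF [FILTER...]
# FILTER defaults to f_messages; also pass the filter names your
# distribution uses for syslog and kern.log (assumption: names vary).
# Assumes every directive sits on a single line, as in the guide.

# True when the comment-stripped config in $body has a line matching $1.
_has() { printf '%s\n' "$body" | grep -Eq "$1"; }

check_dome9_logging() {
    conf=$1; shift
    [ $# -gt 0 ] || set -- f_messages
    rc=0
    # Drop comments so a commented-out directive does not count as present.
    body=$(sed 's/#.*//' "$conf") || return 2

    # The three lines the guide adds.
    _has '^[[:space:]]*destination[[:space:]]+iptables[[:space:]]*\{' ||
        { echo "MISSING: destination iptables"; rc=1; }
    _has '^[[:space:]]*filter[[:space:]]+f_iptables[[:space:]]*\{.*DOME9_' ||
        { echo "MISSING: filter f_iptables matching DOME9_"; rc=1; }
    _has '^[[:space:]]*log[[:space:]]*\{.*filter\(f_iptables\).*destination\(iptables\)' ||
        { echo "MISSING: log path from f_iptables to iptables"; rc=1; }

    # Each general-purpose filter must exclude the Dome9 messages,
    # otherwise they are still copied into that log file.
    for f in "$@"; do
        line=$(printf '%s\n' "$body" |
            grep -E "^[[:space:]]*filter[[:space:]]+$f[[:space:]]*\{") || line=''
        case $line in
            '') echo "MISSING: filter $f"; rc=1 ;;
            *'not filter(f_iptables)'*) ;;
            *) echo "NOT EXCLUDED: $f lacks 'and not filter(f_iptables)'"; rc=1 ;;
        esac
    done
    return $rc
}
```

A zero exit status means every check passed; running `syslog-ng --syntax-only` afterwards catches parse errors this text check cannot see.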