Dome9 Agent iptables logging configuration with syslog-ng

    Dome9 Agent version 1.6 and above supports configuring a local logging policy. This guide shows how to configure Dome9 logging with the powerful syslog-ng daemon.

    1. Locate the syslog-ng.conf file, usually under /etc/syslog-ng/, and open it for editing.

    2. Add a destination file for iptables logs by adding these 3 lines in the bottom section, just before the final include:

    destination iptables { file("/var/log/iptables"); };
    filter f_iptables { facility(kern) and match ("DOME9_" value("MESSAGE")); };
    log { source(s_src); filter(f_iptables); destination(iptables); };

    * Note that s_src is your general source directive, as defined in syslog-ng.conf.

    3. Filter the iptables messages out of messages, syslog and kern.log by locating their respective lines in the conf file and adding "and not filter(f_iptables)" to each, as shown below:

    filter f_messages { not facility(auth, authpriv, kern) and not filter(f_iptables); };


    4. Restart syslog-ng:

    service syslog-ng restart
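
A check for the edits in steps 2 and 3 that can be run before the restart in step 4, added here as an example and not part of the Dome9 documentation: the hypothetical shell function `check_dome9_logging` reads a syslog-ng.conf and reports which of the directives above are missing. It assumes each statement sits on a single line, as in the samples above, and checks only f_messages unless other filter names are passed as arguments.

```shell
#!/bin/sh
# Added example: audit a syslog-ng.conf for the Dome9 iptables logging edits.
# Usage: check_dome9_logging CONF [FILTER...]
# Prints one line per problem; returns 0 when nothing is missing.
# Assumption: each statement is on one line, as in the guide's samples.
check_dome9_logging() {
    conf=$1; shift
    [ $# -gt 0 ] || set -- f_messages   # the filter named in step 3
    rc=0
    # Strip comments so commented-out directives do not count.
    body=$(sed 's/#.*//' "$conf") || return 2

    has() { printf '%s\n' "$body" | grep -Eq "$1"; }

    # Step 2: destination, filter and log path for DOME9_ kernel messages.
    has '^[[:space:]]*destination[[:space:]]+iptables[[:space:]]*\{' ||
        { echo "missing: destination iptables"; rc=1; }
    has '^[[:space:]]*filter[[:space:]]+f_iptables[[:space:]]*\{.*DOME9_' ||
        { echo "missing: filter f_iptables matching DOME9_"; rc=1; }
    has '^[[:space:]]*log[[:space:]]*\{.*filter\(f_iptables\).*destination\(iptables\)' ||
        { echo "missing: log path from f_iptables to iptables"; rc=1; }

    # Step 3: every listed filter must carry "not filter(f_iptables)".
    for f in "$@"; do
        line=$(printf '%s\n' "$body" |
            grep -E "^[[:space:]]*filter[[:space:]]+$f[[:space:]]*\{") || line=
        if [ -z "$line" ]; then
            echo "not found: filter $f"; rc=1
        elif ! printf '%s\n' "$line" | grep -Eq 'not[[:space:]]+filter\(f_iptables\)'; then
            echo "not excluded: filter $f lacks 'not filter(f_iptables)'"; rc=1
        fi
    done
    return $rc
}
```

Call it as `check_dome9_logging /etc/syslog-ng/syslog-ng.conf f_messages` followed by the names your distribution uses for the syslog and kern.log filters.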