Dome9 Agent iptables logging configuration with syslog-ng

    Dome9 Agent version 1.6 and above supports configuring a local logging policy. This guide shows how to configure Dome9 logging with the powerful syslog-ng daemon.

    1. Locate the syslog-ng.conf file, usually under /etc/syslog-ng/, and open it for editing.

    2. Add a destination file for iptables logs in the bottom section, just before the final include, by adding these 3 lines:

    destination iptables { file("/var/log/iptables"); };
    filter f_iptables { facility(kern) and match ("DOME9_" value("MESSAGE")); };
    log { source(s_src); filter(f_iptables); destination(iptables); };

    * Note that s_src is your general source directive as defined in syslog-ng.conf.

    3. Filter the iptables messages out of messages, syslog and kern.log by locating their respective lines in the conf and adding and not filter(f_iptables), as shown below:

    filter f_messages { not facility(auth, authpriv, kern) and not filter(f_iptables); };

    4. Restart syslog-ng:

    service syslog-ng restart
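
To confirm the edits from steps 2 and 3 are in place before restarting, the script below lints a syslog-ng.conf for them. It is an added example, not part of the Dome9 guide; the helper names, the filter name f_kern and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from Dome9): lint a syslog-ng.conf for the edits in steps 2-3.
# Assumes each filter is declared as "filter NAME {" and ends at the first "};",
# and that the log statement sits on one line, as in the guide.

# Print the definition of filter $2 found in config file $1.
filter_body() {
    awk -v name="$2" '
        $1 == "filter" && $2 == name { on = 1 }
        on { printf "%s ", $0 }
        on && /[}];/ { exit }
    ' "$1"
}

# check_dome9_logging CONF [FILTER...]
# FILTER... are the filters feeding messages, syslog and kern.log on your system.
check_dome9_logging() {
    conf=$1; shift; rc=0
    grep -Eq '^[[:space:]]*destination[[:space:]]+iptables[[:space:]]*\{' "$conf" ||
        { echo "missing: destination iptables"; rc=1; }
    filter_body "$conf" f_iptables | grep -q 'DOME9_' ||
        { echo "missing: filter f_iptables matching DOME9_"; rc=1; }
    grep -Eq 'filter\(f_iptables\);[[:space:]]*destination\(iptables\)' "$conf" ||
        { echo "missing: log path from f_iptables to destination(iptables)"; rc=1; }
    for f in "$@"; do
        filter_body "$conf" "$f" | grep -q 'not filter(f_iptables)' ||
            { echo "filter $f: no 'not filter(f_iptables)' clause"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: step 2 applied, step 3 applied to f_messages only.
# f_kern is a hypothetical name for the filter feeding kern.log.
write_sample_conf() {
    cat > "$1" <<'EOF'
source s_src { system(); internal(); };
filter f_messages { not facility(auth, authpriv, kern) and not filter(f_iptables); };
filter f_kern { facility(kern); };
destination iptables { file("/var/log/iptables"); };
filter f_iptables { facility(kern) and match ("DOME9_" value("MESSAGE")); };
log { source(s_src); filter(f_iptables); destination(iptables); };
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_dome9_logging "$sample" f_messages f_kern || echo "config needs fixing"
rm -f "$sample"
```

On a real host, pass your own syslog-ng.conf path and the names of the filters that feed messages, syslog and kern.log. Running syslog-ng --syntax-only afterwards checks that the file parses, which this lint does not do.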