Logging
Alexander Demenshin
aldem@aldem.net
Fri, 24 Sep 1999 11:08:05 +0200
> > iptables -j LOG
> >
> > also does not work (despite the fact that LOG
> > defined as a target).
>
> Hmm... are your libraries installed? Is the ipt_LOG.o module
> installed?
Yes, of course - at least I've done "make install", after
that checked physical presense of files, and checked some
other functionality.
>
> > Really, I see no reason why it should be a separate
> > module - just because logging is necessary almost
> > everywhere.
>
> No. Logging this way is usually a really stupid idea. You just flood
> your logs. But it's popular, and useful for debugging...
Hrrr... Well, I just mean that is should be possible to turn logging
on for every rule, it should not be turned on by default, of course :)
Say, old syntax:
ipchains -I -A deny -d 0/0 161 -l
means that in case if rule matches I will get a log record for it
(-l option).
But, in case if LOG is a target, it means that I cannot do logging
for rule with different target. So, why I should add another rule,
completely equal to another, to add logging? I see no reason,
really.
Well, you could say that I may create dedicated chain, place logging
rule first, and next - all decision rules, but it is inconvinient,
I think.
BTW... Long time ago in our discussion concerning ipchains, you told
me that everything should be done in user space, at least all that
can be done in user space - now I see kernel space and bunch of modules :))
/Al