Is there a way to modify the --log-prefix setting in Astaro 6.1 to change "DROP" to something else. I have some logging/report tools that require a different prefixr
OK. I can think of a few ways to do this without modifying any code on ASL.
1. modify the syslog-ng configuration on ASL to add IPTABLES to the logs. (this could void your ASL support)
2. use a remote syslog server, and have it change the log prefix? (OK by Astaro)
3. use [sed|perl|whatever] to modify the log files before processing them. This would be trivial. e.g. sed 's/DROP/IPTABLES DROP/g' INPUTFILE > OUTPUTFILE
Thanks kindly Barry. I had hoped to avoid re-processing syslog since I direct 4 servers syslog, including the ASL box, so its a busy and large syslog. And I also wanted to avoid going in an manually changing syslog-ng. But it looks like these may be the only ways.
Do you know if I can tail the syslog into another file which will be updated as the "normal" syslog is updated, and maybe even grep out only the iptables lines? The logger is a daemon that monitors the log file with a tail command, looks for those '[IPTABLES DROP]' lines and writes them to MySql
