| 12345678910111213141516171819202122232425262728293031323334 |
- Turn on kernel logging of matching packets. When this option is set
- for a rule, the Linux kernel will print some information on all
- matching packets (like most IPv6 IPv6-header fields) via the kernel log
- (where it can be read with
- .I dmesg
- or
- .IR syslogd (8)).
- This is a "non-terminating target", i.e. rule traversal continues at
- the next rule. So if you want to LOG the packets you refuse, use two
- separate rules with the same matching criteria, first using target LOG
- then DROP (or REJECT).
- .TP
- \fB\-\-log\-level\fP \fIlevel\fP
- Level of logging, which can be (system-specific) numeric or a mnemonic.
- Possible values are (in decreasing order of priority): \fBemerg\fP,
- \fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP
- or \fBdebug\fP.
- .TP
- \fB\-\-log\-prefix\fP \fIprefix\fP
- Prefix log messages with the specified prefix; up to 29 letters long,
- and useful for distinguishing messages in the logs.
- .TP
- \fB\-\-log\-tcp\-sequence\fP
- Log TCP sequence numbers. This is a security risk if the log is
- readable by users.
- .TP
- \fB\-\-log\-tcp\-options\fP
- Log options from the TCP packet header.
- .TP
- \fB\-\-log\-ip\-options\fP
- Log options from the IPv6 packet header.
- .TP
- \fB\-\-log\-uid\fP
- Log the userid of the process which generated the packet.
|
