From e0d85a97cc755d5df14cd50af33f6ea8ab017b84 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 23 Jun 2014 02:49:38 +0200 Subject: src: add level option to the log statement This patch is required if you use upcoming Linux kernels >= 3.17 which come with a complete logging support for nf_tables. If you use 'log' without options, the kernel logging buffer is used: nft> add rule filter input log You can also specify the logging prefix string: nft> add rule filter input log prefix "input: " You may want to specify the log level: nft> add rule filter input log prefix "input: " level notice By default, if not specified, the default level is 'warn' (just like in iptables). If you specify the group, then nft uses the nfnetlink_log instead: nft> add rule filter input log prefix "input: " group 10 You can also specify the snaplen and qthreshold for the nfnetlink_log. But you cannot mix level and group at the same time, they are mutually exclusive. Default values for both snaplen and qthreshold are 0 (just like in iptables). Signed-off-by: Pablo Neira Ayuso
---
 src/scanner.l | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/scanner.l')
diff --git a/src/scanner.l b/src/scanner.l
index 73a1a3f1..4eec92f5 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -276,6 +276,15 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
 "group" { return GROUP; }
 "snaplen" { return SNAPLEN; }
 "queue-threshold" { return QUEUE_THRESHOLD; }
+"level" { return LEVEL; }
+"emerg" { return LEVEL_EMERG; }
+"alert" { return LEVEL_ALERT; }
+"crit" { return LEVEL_CRIT; }
+"err" { return LEVEL_ERR; }
+"warn" { return LEVEL_WARN; }
+"notice" { return LEVEL_NOTICE; }
+"info" { return LEVEL_INFO; }
+"debug" { return LEVEL_DEBUG; }
 "queue" { return QUEUE;}
 "num" { return QUEUENUM;}
-- cgit v1.2.3
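Review bot: The nine added rules turn common words (`"level"`, `"err"`, `"warn"`, `"info"`, `"debug"`, `"alert"`, `"notice"` and the rest) into global tokens, so they appear to be reserved in every context, not only after `log`. The parser is not part of this patch view, so this is inferred, but an existing ruleset with an unquoted table, chain or set name such as `info` or `debug` would probably stop parsing after an upgrade. For a firewall loader that can mean the ruleset is not applied at boot. A narrower option is to keep only `"level" { return LEVEL; }` in the scanner and resolve the level name from a string in the grammar action. Failing that, the commit message should list the newly reserved words so that operators can check their rulesets before upgrading.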