1*a71a9546SAutomerger Merge WorkerTurn on kernel logging of matching packets. When this option is set 2*a71a9546SAutomerger Merge Workerfor a rule, the Linux kernel will print some information on all 3*a71a9546SAutomerger Merge Workermatching packets (like most IP/IPv6 header fields) via the kernel log 4*a71a9546SAutomerger Merge Worker(where it can be read with \fIdmesg(1)\fP or read in the syslog). 5*a71a9546SAutomerger Merge Worker.PP 6*a71a9546SAutomerger Merge WorkerThis is a "non-terminating target", i.e. rule traversal continues at 7*a71a9546SAutomerger Merge Workerthe next rule. So if you want to LOG the packets you refuse, use two 8*a71a9546SAutomerger Merge Workerseparate rules with the same matching criteria, first using target LOG 9*a71a9546SAutomerger Merge Workerthen DROP (or REJECT). 10*a71a9546SAutomerger Merge Worker.TP 11*a71a9546SAutomerger Merge Worker\fB\-\-log\-level\fP \fIlevel\fP 12*a71a9546SAutomerger Merge WorkerLevel of logging, which can be (system-specific) numeric or a mnemonic. 13*a71a9546SAutomerger Merge WorkerPossible values are (in decreasing order of priority): \fBemerg\fP, 14*a71a9546SAutomerger Merge Worker\fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP 15*a71a9546SAutomerger Merge Workeror \fBdebug\fP. 16*a71a9546SAutomerger Merge Worker.TP 17*a71a9546SAutomerger Merge Worker\fB\-\-log\-prefix\fP \fIprefix\fP 18*a71a9546SAutomerger Merge WorkerPrefix log messages with the specified prefix; up to 29 letters long, 19*a71a9546SAutomerger Merge Workerand useful for distinguishing messages in the logs. 20*a71a9546SAutomerger Merge Worker.TP 21*a71a9546SAutomerger Merge Worker\fB\-\-log\-tcp\-sequence\fP 22*a71a9546SAutomerger Merge WorkerLog TCP sequence numbers. This is a security risk if the log is 23*a71a9546SAutomerger Merge Workerreadable by users. 24*a71a9546SAutomerger Merge Worker.TP 25*a71a9546SAutomerger Merge Worker\fB\-\-log\-tcp\-options\fP 26*a71a9546SAutomerger Merge WorkerLog options from the TCP packet header. 27*a71a9546SAutomerger Merge Worker.TP 28*a71a9546SAutomerger Merge Worker\fB\-\-log\-ip\-options\fP 29*a71a9546SAutomerger Merge WorkerLog options from the IP/IPv6 packet header. 30*a71a9546SAutomerger Merge Worker.TP 31*a71a9546SAutomerger Merge Worker\fB\-\-log\-uid\fP 32*a71a9546SAutomerger Merge WorkerLog the userid of the process which generated the packet. 33*a71a9546SAutomerger Merge Worker.TP 34*a71a9546SAutomerger Merge Worker\fB\-\-log\-macdecode\fP 35*a71a9546SAutomerger Merge WorkerLog MAC addresses and protocol. 36