[foxbat]

hi guys and gals. I need some help with regards to extracting iptables logs from the journal. This is what my iptables looks like.

$this->bbcode_second_pass_code('', '[odroid@odroid-xu ~]$ sudo iptables -L -v
Chain INPUT (policy ACCEPT 10 packets, 720 bytes)
pkts bytes target prot opt in out source destination
10 720 logging all -- any any anywhere anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 6 packets, 848 bytes)
pkts bytes target prot opt in out source destination
6 848 logging all -- any any anywhere anywhere

Chain logging (2 references)
pkts bytes target prot opt in out source destination
5 440 LOG all -- any any anywhere anywhere limit: avg 2/min burst 5 LOG level debug prefix "IPTables general: "
')

as you can see its set to log every packet *this is for debugging purpose*. Unfortunately i dont see any logging in the journal. I know that the logging works in my debian system and im sure it works in Arch as well but i am unsure on how to extract the data.

$this->bbcode_second_pass_code('', '-- Logs begin at Sun 2012-01-01 11:00:05 EST. --
Apr 18 12:10:47 odroid-xu systemd[1]: Starting Packet Filtering Framework...
Apr 18 12:10:47 odroid-xu systemd[1]: Started Packet Filtering Framework.
Apr 18 12:10:47 odroid-xu sudo[3262]: pam_unix(sudo:session): session closed for user root
Apr 18 12:10:51 odroid-xu sudo[3266]: odroid : TTY=pts/1 ; PWD=/home/odroid ; USER=root ; COMMAND=/usr/bin/iptables -L -v
Apr 18 12:10:51 odroid-xu sudo[3266]: pam_unix(sudo:session): session opened for user root by odroid(uid=0)
Apr 18 12:10:51 odroid-xu sudo[3266]: pam_unix(sudo:session): session closed for user root
Apr 18 12:12:38 odroid-xu smbd[3270]: [2014/04/18 12:12:38.109752, 0] ../source3/printing/print_cups.c:151(cups_connect)
Apr 18 12:12:38 odroid-xu smbd[3270]: Unable to connect to CUPS server /var/run/cups/cups.sock:631 - Bad file descriptor
Apr 18 12:12:38 odroid-xu smbd[271]: [2014/04/18 12:12:38.116744, 0] ../source3/printing/print_cups.c:528(cups_async_callback)
Apr 18 12:12:38 odroid-xu smbd[271]: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
')
this is output of journal

[foxbat]

Ok, after further digging around. I found that none of the kernel messages are being logged by journal. I issued the journalctl -k command and nothing showed up. Then i issued dmesg and i saw a whole bunch logs that was not in the journal. This is on the odroid-xu image. However i dont have this problem with the desktop version of Arch or the odroid-u3 image. Mods if possible could you please move this to the appropriate forum.

[brenix]

I am experiencing this same issue. Did you happen to find a solution to this?

It seems no kernel messages are being logged by systemd. journalctl -k returns nothing. I've tried changing the systemd log target via kernel boot arguments, but this didn't seem to help..