Firewalld to log?

Dan Mossor danofsatx at gmail.com
Sun Apr 5 02:42:56 UTC 2015


I've got a project I'm working on for firewalld, and that list seems to 
have disappeared from mailman so I thought I would ask here.

My immediate query is the logging options for direct rules, as well as 
firewalld-specific logging. I know direct rules are out of the scope of 
firewalld, as they are true iptables rules applied directly to 
netfilter. When you specify logging of packets in the direct rules, the 
logs get reported as kernel messages through journald. Is there any way 
to configure iptables to write to a different log file, or is it this 
way due to the way netfilter is integrated with the kernel?

I've found ways to do it by specifying log levels as part of the 
argument, and using rsyslog or syslog-ng to filter out the level you 
specify into a different log, but I've not been able to discern a 
corresponding process for journald.

As for firewalld itself, I hope my project will eventually meet the 
quality needed to submit to Thomas for including it. Can firewalld 
provide more granular logging? I know it reports to journald as a unit 
you can filter on, which may end up being the best answer, but I was 
wondering if there was any facility provided to write to a log file or pipe.

Dan

-- 
Dan Mossor
Systems Engineer at Large
Fedora KDE WG | Fedora QA Team | Fedora Server SIG
Fedora Infrastructure Apprentice
FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA
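
The prefix-and-level filtering described in the message, applied to journald's JSON export instead of rsyslog. This is an added example, not part of the original post; the log prefix, the chosen level and the sample journal entries are constructed assumptions.

```python
import json
import re

# Assumption: the direct rule logs with
#   -j LOG --log-prefix "FWD_DIRECT_DROP: " --log-level warning
PREFIX = "FWD_DIRECT_DROP: "   # hypothetical prefix
LEVEL = "4"                    # syslog "warning" as journald PRIORITY
KV = re.compile(r"(\w+)=(\S*)")

# Constructed sample shaped like `journalctl -k -o json` output (one object per line).
SAMPLE = [
    json.dumps({"_TRANSPORT": "kernel", "PRIORITY": "4", "MESSAGE": PREFIX +
                "IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51234 DPT=23 SYN"}),
    json.dumps({"_TRANSPORT": "kernel", "PRIORITY": "6",
                "MESSAGE": "usb 1-1: new high-speed USB device number 2"}),
    json.dumps({"_TRANSPORT": "journal", "PRIORITY": "4",
                "MESSAGE": PREFIX + "SRC=192.0.2.99 written-by-userspace"}),
    json.dumps({"_TRANSPORT": "kernel", "PRIORITY": "4", "MESSAGE": list(
        (PREFIX + "IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP DPT=53").encode())}),
    "truncated {not json",
]

def message_text(field):
    """journalctl emits non-UTF-8 fields as byte arrays and oversized ones as null."""
    if isinstance(field, list):
        return bytes(field).decode("utf-8", "replace")
    return field or ""

def firewall_events(lines, prefix=PREFIX, level=LEVEL):
    """Return parsed key=value fields for kernel entries carrying the rule's prefix."""
    events = []
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip partial or corrupt lines
        # Only accept entries the kernel wrote; userspace can log the same text.
        if entry.get("_TRANSPORT") != "kernel" or entry.get("PRIORITY") != level:
            continue
        msg = message_text(entry.get("MESSAGE"))
        if msg.startswith(prefix):
            events.append(dict(KV.findall(msg[len(prefix):])))
    return events

if __name__ == "__main__":
    for event in firewall_events(SAMPLE):
        print(event.get("SRC"), "->", event.get("DST"), event.get("PROTO"), event.get("DPT"))
```

On a live system the input lines would come from `journalctl -k -o json`, and the selected events can be appended to whatever file or pipe is wanted.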

