Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
LOG has the following options:
--log-level level
Level of logging (keyword or numeric): debug (or 7), info (or 6), notice (or 5), warning (or 4),
err (or 3), crit (or 2), alert (or 1), emerg (or 0).
Default is warning if not specified. If the specified severity of log-level is ‘info’ or above (e.g.,
warning), the log message is also sent to NSK host generating a 5232 EMS event in $0.
NOTE: Care should be used so as to not flood EMS with events.
--log-prefix prefix
Prefix log messages with the specified prefix; up to 25 letters long, and useful for distinguishing
messages in the logs.
--log-tcp-sequence
Log TCP sequence numbers. This is a security risk if the log is readable by users.
--log-tcp-options
Log options from the TCP packet header.
--log-ip-options
Log options from the IP packet header.
--log-uid
Log the userid of the process which generated the packet.
Example 1:
Both syslog and EMS display the message.
climiptables –A CIP_INPUT –j LOG --log-level info --log-prefix
“LOGDROP”
climiptables –A CIP_INPUT –j DROP
Example 2:
The message is only logged in the syslog not in EMS.
climiptables –A CIP_INPUT –j LOG --log-level debug --log-prefix
“LOGDROP”
climiptables –A CIP_INPUT –j DROP
reject
Used to send back an error packet in response to the matched packet: otherwise it is equivalent
to DROP so it is a terminating TARGET, ending rule traversal. The following option controls the
nature of the error packet returned:
--reject-with type
The type given for ip6tables can be
icmp6-no-route
no-route
icmp6-adm-prohibited
adm-prohibited
icmp6-addr-unreachable
addr-unreach
icmp6-port-unreachable
port-unreach
333