Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Thu, Dec 25, 2008 at 11:35:09AM -0500, David Kramer wrote: .......... > > 6) This is a side question, but how can I get firewall messages to go to > some other file than /var/log/messages? I get so many it's impossible > to find other messages. Procedure to log the iptables messages to a different log file Open your /etc/syslog.conf file: # vi /etc/syslog.conf Append following line kern.warning /var/log/iptables.log Save and close the file. Restart the syslogd (Debian / Ubuntu Linux):# /etc/init.d/sysklogd restartOn the other hand, use following command to restart syslogd under Red Hat/Cent OS/Fedora Core Linux:# /etc/init.d/syslog restart Now make sure you pass the log-level 4 option with log-prefix to iptables. For example: # DROP everything and Log it iptables -A INPUT -j LOG --log-level 4 iptables -A INPUT -j DROP For example, drop and log all connections from IP address 64.55.11.2 to your /var/log/iptables.log file: iptables -A INPUT -s 64.55.11.2 -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix '** HACKERS **'--log-level 4 iptables -A INPUT -s 64.55.11.2 -j DROP Where, * --log-level 4: Level of logging. The level # 4 is for warning. * --log-prefix '*** TEXT ***': Prefix log messages with the specified prefix (TEXT); up to 29 letters long, and useful for distinguishing messages in the logs. You can now see all iptables message logged to /var/log/iptables.log file: # tail -f /var/log/iptables.log Jeff Kinz (escaping the sound of the kid's new video games being played fullblast thru the stereo system, Happy Christmas! ) --
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |