Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

iptables issue?



On Thu, Dec 25, 2008 at 11:35:09AM -0500, David Kramer wrote:
..........
> 
> 6) This is a side question, but how can I get firewall messages to go to 
> some other file than /var/log/messages?  I get so many it's impossible 
> to find other messages.

Procedure to log the iptables messages to a different log file

Open your /etc/syslog.conf file:
# vi /etc/syslog.conf
Append following line
kern.warning /var/log/iptables.log
Save and close the file.

Restart the syslogd (Debian / Ubuntu Linux):#
/etc/init.d/sysklogd restartOn the other hand, use following
command to restart syslogd under Red Hat/Cent OS/Fedora Core
Linux:# /etc/init.d/syslog restart

Now make sure you pass the log-level 4 option with log-prefix to
iptables. For example:
# DROP everything and Log it
iptables -A INPUT -j LOG --log-level 4
iptables -A INPUT -j DROP

For example, drop and log all connections from IP address
64.55.11.2 to your /var/log/iptables.log file:
iptables -A INPUT -s 64.55.11.2 -m limit --limit 5/m
--limit-burst 7 -j LOG --log-prefix '** HACKERS **'--log-level 4
iptables -A INPUT -s 64.55.11.2 -j DROP

Where,

 * --log-level 4: Level of logging. The level # 4 is for warning.
 * --log-prefix '*** TEXT ***': Prefix log messages with the
specified prefix (TEXT); up to 29 letters long, and useful for
distinguishing messages in the logs.

You can now see all iptables message logged to /var/log/iptables.log file:
# tail -f /var/log/iptables.log


Jeff Kinz
(escaping the sound of the kid's new video games being played
fullblast thru the stereo system,  Happy Christmas! ) 


-- 






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org