Enable Logging on RH 7.3 Firewall

 
varian_1
Advisor

Hi,

I am using RedHat 7.3 with a firewall on a multihomed machine. I have configured the rules through the Firewall-config utility and it's working fine.
But no log of the firewall rules is being generated in either /var/log/messages or /var/log/secure.

Can you please let me know how to enable logging on the Linux 7.3 firewall, so that a log is generated of the packets passed through the firewall and the packets denied by the firewall?

Thanks in advance.

Varian.
5 REPLIES
Steven E. Protter
Exalted Contributor

Re: Enable Logging on RH 7.3 Firewall

Which firewall are you using, iptables or ipchains?

I don't currently keep a log on my iptables firewall but want to. If your question is an iptables question, I'll figure it out and get back to you. FAST.

Firewall configuration is in the following file:

/etc/sysconfig/iptables or ipchains

Depending on which one you are using.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Alexander Chuzhoy
Honored Contributor

Re: Enable Logging on RH 7.3 Firewall

Try to execute the command from the command prompt. I think RedHat 7.3 uses ipchains by default, and there is a newer application called iptables.
Here is an example of adding a rule with logging using iptables:
iptables -A INPUT -p tcp -m multiport -m state --state NEW --dports 22,25,110,113 -i eth0 -m limit -j LOG --log-prefix "ACCEPTED:"


Anyway, if you would still like to use ipchains, see its man page.
By the way, to stop using ipchains and move forward to iptables you must do the following, one by one:
chkconfig ipchains off
chkconfig --del ipchains
chkconfig --add iptables
chkconfig iptables on
Steven E. Protter
Exalted Contributor

Re: Enable Logging on RH 7.3 Firewall

You don't want to use ipchains. It's obsolete.


I'm going to need a couple of hours to play around and get you a working configuration.


If I find a doc, I'll post it and give you a head start.

Here is a possibility.
http://linux.ardynet.com/ipmasq/ipmasq.php3#iptables
What I have yet to figure out is how to define the logfile. Then of course, you have to filter and interpret the log file.
I will give this a shot in about 7-8 hours when I get to my test Linux Server.

Please if my work is useful reward it with the point system.

SEP
Steven E. Protter
Exalted Contributor

Re: Enable Logging on RH 7.3 Firewall

I have messages logging to /var/log/messages

Here is how:
in /etc/sysconfig/iptables same rule as you were editing...

-A INPUT -d ip_of_nic -m state --state RELATED,ESTABLISHED -j LOG --log-level 2 --log-tcp-sequence

Logging is pretty intense and I'm going to dial it back and play some more.

SEP
Steven E. Protter
Exalted Contributor

Re: Enable Logging on RH 7.3 Firewall

I'm going to give it a rest now.

I found this document particularly useful.

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-iptables-options.html

Check the man page on syslog.conf for directing the output into a different file. Watch disk space on /var.

SEP
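
The thread notes that once LOG rules are writing to syslog, the log still has to be filtered and interpreted. The script below is an added example, not code from any poster: it groups iptables LOG entries by --log-prefix, source address, protocol and destination port. The function names, the "DENIED:" prefix and the sample lines are constructed for illustration; only the "ACCEPTED:" prefix comes from the thread.

```shell
#!/bin/sh
# Added example: summarise iptables LOG entries found in a syslog file.
# Assumes kernel lines of the form
#   "<date> <host> kernel: <prefix>IN=<if> OUT=... SRC=... PROTO=... DPT=..."

# Constructed, abbreviated sample lines (documentation address ranges).
sample_fw_log() {
    cat <<'EOF'
Jun 12 10:15:01 gw kernel: ACCEPTED:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Jun 12 10:15:09 gw kernel: ACCEPTED:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 SYN
Jun 12 10:16:30 gw kernel: DENIED:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=23 SYN
Jun 12 10:16:31 gw sshd[812]: Accepted password for admin from 198.51.100.7
Jun 12 10:17:02 gw kernel: DENIED:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 LEN=78 TTL=49 PROTO=UDP SPT=137 DPT=137
EOF
}

# summarize_fw_log [FILE]: print "count prefix src proto dpt", busiest first.
# Reads standard input when FILE is omitted.
summarize_fw_log() {
    awk '
    / kernel: .*IN=/ {
        msg = $0
        sub(/^.* kernel: /, "", msg)       # drop timestamp and host name
        prefix = msg
        sub(/ ?IN=.*$/, "", prefix)         # text before IN= is the --log-prefix
        if (prefix == "") prefix = "(none)"
        src = proto = dpt = "-"
        n = split(msg, f, " ")
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^SRC=/)   src   = substr(f[i], 5)
            if (f[i] ~ /^PROTO=/) proto = substr(f[i], 7)
            if (f[i] ~ /^DPT=/)   dpt   = substr(f[i], 5)
        }
        count[prefix " " src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "${1:--}" | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample.
sample_fw_log | summarize_fw_log
```

Pass it /var/log/messages, or whichever file syslog.conf sends kernel messages to, as the argument.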