Re: iptables log

Leovino A. Trinidad, Jr
Frequent Advisor

iptables log

Hi to all!

How do you put the logs generated by iptables into a different file aside from the message file?
Stuart Browne
Honored Contributor

Re: iptables log

IPTables allows you to change the '--log-level' of the messages it logs.

Set it to its own private level, modify '/etc/syslog.conf' to suit, and give it a whirl.
One long-haired git at your service...
Ragu_1
Regular Advisor

Re: iptables log

If you have enabled ulog support in the Linux kernel, you can log all requests to blocked services/ports in /var/log/ulog/syslogemu.log; but before that you have to install ulogd, the Netfilter Userspace Logging Daemon. Tracking IPs becomes much easier!
Share and share alike
Leovino A. Trinidad, Jr
Frequent Advisor

Re: iptables log

Hi Stuart!

Can you give me a sample of it?

Actually I already inserted the following in the syslog.conf and restarted it but still no data has been captured.
kern.=info	/var/log/iptables.log

sample rule:

$IPTABLES -A LPINGFLOOD -m limit --limit 1/s --limit-burst 3 -j LOG --log-level 3 --log-prefix "FW-Ping_FLOOD/DROP "

Thanks!

LAT
Stuart Browne
Honored Contributor

Re: iptables log

Does the file '/var/log/iptables.log' exist?

If memory serves, the file has to exist before it will write to it (it won't create it). But that could be another *nix I'm thinking of.
One long-haired git at your service...
Leovino A. Trinidad, Jr
Frequent Advisor

Re: iptables log

Hi Stuart!

Yes, iptables.log was created when I added the entry in the syslog.conf and I see data when I tail the iptables.log. I guess it's working. Can you please help me confirm if this is working?

Thank you.


LAT
Steven E. Protter
Exalted Contributor
Solution

Re: iptables log

tail -f location_of_iptables log

Do that in a telnet window.

Then telnet to the server or access its web server, or use a browser to access the internet.

All of these activities should instantly write to the log and scroll in the telnet/terminal window as these activities take place.

Test something that's blocked too, not everything that is open.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Stuart Browne
Honored Contributor

Re: iptables log

Err, if stuff is in there, then it's working.

You should see entries similar to:

Dec 18 13:26:04 linux kernel: FORWARD:IN=eth0 OUT=eth0 src=207.241.134.236 DST=203.219.18.112 LEN=78 TOS=0x00 PREC=0x00 TTL=107 ID=26969 PROTO=UDP SPT=1025 DPT=137 LEN=58

but 'FORWARD:' will be 'FW-Ping_FLOOD/DROP '.
One long-haired git at your service...
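Once the entries land in /var/log/iptables.log, the next question is usually how to pick them apart. The following is an added example, not code from this thread or from the netfilter project: a small Python parser for kernel LOG lines in the syslog format shown above, which splits off the --log-prefix, collects the KEY=VALUE fields, and counts drops per source address. The sample lines are constructed (documentation IP ranges, made-up timestamps) and the prefix name FW-Ping_FLOOD/DROP is taken from the rule posted earlier in the thread.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog layout a kernel LOG target produces
# (a non-iptables kernel line is included on purpose to show it is skipped).
SAMPLE_LOG = """\
Dec 18 13:26:04 linux kernel: FW-Ping_FLOOD/DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Dec 18 13:26:05 linux kernel: FW-Ping_FLOOD/DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=2 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=2
Dec 18 13:26:06 linux kernel: FORWARD:IN=eth0 OUT=eth0 SRC=192.0.2.9 DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=107 ID=26969 PROTO=UDP SPT=1025 DPT=137 LEN=58
Dec 18 13:26:07 linux kernel: usb 1-1: new device found
"""

# "Mon DD HH:MM:SS host kernel: [optional uptime] message"
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[\s*\d+\.\d+\] )?(?P<msg>.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for an iptables LOG line, or None for any other kernel line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    # The packet fields start at the first IN= token; everything before it is
    # the --log-prefix (which may or may not end in a space, as the thread shows).
    hit = re.search(r"(?<!\w)IN=", msg)
    if not hit:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "prefix": msg[: hit.start()].strip()}
    for key, val in FIELD_RE.findall(msg[hit.start():]):
        # ICMP echo lines repeat ID= (IP header id, then echo id) and forwarded
        # packets can repeat LEN=; keep the first occurrence, the IP-header one.
        rec.setdefault(key, val)
    return rec


def count_drops(text, drop_prefixes=("FW-Ping_FLOOD/DROP",)):
    """Count logged packets per (prefix, source, protocol) for the given prefixes."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["prefix"] in drop_prefixes:
            counts[(rec["prefix"], rec.get("SRC"), rec.get("PROTO"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in count_drops(SAMPLE_LOG).most_common():
        print(n, *key)
```

Pipe `tail -f /var/log/iptables.log` into a loop over `parse_line` to get the same fields live instead of from the embedded sample.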