Iptables Log
arcanus
post Feb 20 2004, 07:45 PM
Post #1


What's this Lie-nix Thing?

Group: Members
Posts: 4
Joined: 20-February 04
Member No.: 2,425



Hey

I log all unwelcome traffic to /var/log/syslog,
and now I wonder if I can fix it so it logs to, e.g.,
/var/log/iptables.log?

Thanks for the help
hughesjr
post Feb 20 2004, 09:21 PM
Post #2


It's GNU/Linuxhelp.net

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Christi, TX, USA
Member No.: 1,151



I'm not sure if this will work, but give it a try:

Edit the file /etc/syslog.conf and find the log that has /var/log/messages in it... my line (in Fedora) looks like this:
CODE
*.info;mail.none;authpriv.none;cron.none                /var/log/messages


add ;iptables.none to the end of the line so that it looks like this:
CODE
*.info;mail.none;authpriv.none;cron.none;iptables.none                /var/log/messages


Then add 2 lines under it that look like this:
CODE
# Log all iptables logs in one place.
iptables.*                                                  /var/log/iptables.log


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
arcanus
post Feb 21 2004, 05:13 PM
Post #3


Nope, doesn't work.
hughesjr
post Feb 21 2004, 05:20 PM
Post #4



In the /var/log/messages file, what is the name of the program for the iptables entry ... for example,
CODE
Dec  9 15:45:42 localhost portmap: portmap shutdown succeeded


Is an entry in my messages.

Post one of your IPTABLES log entries....


arcanus
post Feb 21 2004, 06:50 PM
Post #5



Sorry man, didn't know what you meant.

maybe

Feb 19 13:16:30 localhost kernel: IN=eth0 OUT= MAC=00:c0:4f:83:02:3c:00:05:dc:b5:e4:54:08:00 SRC=xxx.xxx.xxx.xxx. DST=xxx.xxx.xxx.xxxx ........... ?
this is from /var/log/syslog
hughesjr
post Feb 23 2004, 11:45 PM
Post #6



That is what I was looking for ... BUT it is written by kernel:

That is bad because it means that it can't easily be split out while logging is taking place.

If all the entries you are concerned about have the words MAC and SRC and DST in them, then I can write you a bash script that copies just the lines that have MAC and SRC and DST in them and then deletes them from the messages file. You could run it via cron, or manually. It would also be easy to write a script that saved each day's file to a separate filename with the date....


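The cron script hughesjr offers in the post above, written out as an added example (not code from the thread or from linuxhelp.net): it assumes the default iptables LOG line format shown earlier (kernel lines carrying MAC=, SRC= and DST=), takes the messages file and destination directory as parameters rather than hard-coding /var/log, and includes a constructed sample messages file for testing.

```bash
#!/bin/bash
# Added example: move the kernel firewall lines (MAC=, SRC=, DST=) out of a
# syslog messages file into a per-day iptables log, as described in the thread.
# Paths are parameters; the sample log below is constructed, not real traffic.

# Only kernel lines with all three fields are moved, so unrelated kernel
# messages (a USB device attaching, for instance) stay where they were.
IPT_PATTERN='kernel:.*MAC=.*SRC=.*DST='

# split_iptables_log MESSAGES DESTDIR
# Appends matching lines to DESTDIR/iptables-YYYY-MM-DD.log, rewrites
# MESSAGES without them, and prints the number of lines moved.
split_iptables_log() {
    local messages=$1 destdir=$2 day dest tmp moved
    [ -f "$messages" ] || return 1
    day=$(date +%Y-%m-%d)
    dest="$destdir/iptables-$day.log"
    tmp=$(mktemp "$destdir/messages.XXXXXX") || return 1

    moved=$(grep -cE "$IPT_PATTERN" "$messages" || true)
    grep -E "$IPT_PATTERN" "$messages" >> "$dest"
    # grep -v exits 1 when nothing is left over; that is not an error here.
    grep -vE "$IPT_PATTERN" "$messages" > "$tmp" || true
    # Caveat hughesjr raises: syslogd keeps appending to MESSAGES while this
    # runs, so a line written between the reads above and the rewrite below is
    # lost. Overwrite in place (cat >) rather than mv so syslogd's open file
    # descriptor still points at the live file, and schedule it in a quiet slot.
    cat "$tmp" > "$messages"
    rm -f "$tmp"
    echo "$moved"
}

# write_sample_messages FILE: constructed messages file in the thread's format
# (documentation addresses 192.0.2.x and 198.51.100.x, not real hosts).
write_sample_messages() {
    cat > "$1" <<'EOF'
Feb 19 13:16:30 localhost kernel: IN=eth0 OUT= MAC=00:c0:4f:83:02:3c:00:05:dc:b5:e4:54:08:00 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4444 DPT=22
Feb 19 13:16:31 localhost portmap: portmap shutdown succeeded
Feb 19 13:16:32 localhost kernel: usb 1-1: new full speed USB device using address 2
Feb 19 13:16:33 localhost kernel: IN=eth0 OUT= MAC=00:c0:4f:83:02:3c:00:05:dc:b5:e4:54:08:00 SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=137 DPT=137
EOF
}

# Cron usage: split_iptables_log /var/log/messages /var/log
# Run with two arguments the file does exactly that; with none it only
# defines the functions.
if [ $# -eq 2 ]; then
    split_iptables_log "$1" "$2"
fi
```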