Help - Search - Members - Calendar
Full Version: Iptables Log
Linuxhelp > Support > Technical Support

I log all not welcome traffic to /var/log/syslog
and now i wonder if i can fix so it logs in ex
/var/log/iptables.log ?

Thx for help
I'm not sure if this will work, but give it a try:

Edit the file /etc/syslog.conf and find the log that has /var/log/messages in it... my line (in Fedora) looks like this:
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

add ;iptables.none to the end of the line so that it looks like this:
*.info;mail.none;authpriv.none;cron.none;iptables.none                /var/log/messages

Then add 2 lines under it that look like this:
# Log all iptables logs in one place.
iptables.*                                                  /var/log/iptables.log
nope dont work wink.gif
In the /var/log/messages file, what is the name of the program for the iptables entry ... for example,
Dec  9 15:45:42 localhost portmap: portmap shutdown succeeded

Is an entry in my messages.

Post one of your IPTABLES log entries....
Sorry man didnt know what do u mean wink.gif


Feb 19 13:16:30 localhost kernel: IN=eth0 OUT= MAC=00:c0:4f:83:02:3c:00:05:dc:b5:e4:54:08:00 ........... ?
this is from /var/log/syslog
That is what I was looking for ... BUT it is written by kernel:

That is bad because it means that it can't easily be split out while logging is taking place.

If all the entries you are concerned about have the words MAC and SRC and DST in them, then I can write you a bash script that copies just the lines that have MAC and SRC and DST in them and then deletes them from the messages file. You could run it via cron, or manually. It would also be easy to write a script that saved each days file to a seperate filename with the date....
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2018 Invision Power Services, Inc.