Full Version: Iptables Log
arcanus
Hey

I log all unwelcome traffic to /var/log/syslog,
and now I wonder if I can set it up so it logs to, for example,
/var/log/iptables.log?

Thx for help
hughesjr
I'm not sure if this will work, but give it a try:

Edit the file /etc/syslog.conf and find the log that has /var/log/messages in it... my line (in Fedora) looks like this:
CODE
*.info;mail.none;authpriv.none;cron.none                /var/log/messages


add ;iptables.none to the end of the line so that it looks like this:
CODE
*.info;mail.none;authpriv.none;cron.none;iptables.none                /var/log/messages


Then add 2 lines under it that look like this:
CODE
# Log all iptables logs in one place.
iptables.*                                                  /var/log/iptables.log
arcanus
Nope, doesn't work ;)
hughesjr
In the /var/log/messages file, what is the name of the program for the iptables entry ... for example,
CODE
Dec  9 15:45:42 localhost portmap: portmap shutdown succeeded


Is an entry in my messages.

Post one of your IPTABLES log entries....
arcanus
Sorry man, I didn't know what you mean ;)

Maybe

Feb 19 13:16:30 localhost kernel: IN=eth0 OUT= MAC=00:c0:4f:83:02:3c:00:05:dc:b5:e4:54:08:00 SRC=xxx.xxx.xxx.xxx. DST=xxx.xxx.xxx.xxxx ........... ?
This is from /var/log/syslog
hughesjr
That is what I was looking for ... BUT it is written by kernel:

That is bad because it means that it can't easily be split out while logging is taking place.

If all the entries you are concerned about have the words MAC and SRC and DST in them, then I can write you a bash script that copies just the lines that have MAC and SRC and DST in them and then deletes them from the messages file. You could run it via cron, or manually. It would also be easy to write a script that saved each day's file to a separate filename with the date....
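
A sketch of the kind of script described in the post above, added here as an example and not posted by either participant. The function name `split_iptables_log`, the extra requirement that the line be written by `kernel:`, and the file paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: move iptables (netfilter LOG) lines out of a syslog file.
# Constructed match rule: a line counts only if it was written by "kernel:"
# and carries all of the MAC=, SRC= and DST= fields.
prog='{ m = (/ kernel: / && / MAC=/ && / SRC=/ && / DST=/) } m == want'

# Usage inside a cron job or wrapper script (paths are examples):
#   split_iptables_log /var/log/syslog /var/log/iptables.log
# Prints the number of lines moved.
split_iptables_log() {
    src=$1; dest=$2
    if [ ! -r "$src" ] || [ ! -w "$src" ]; then
        echo "need read/write access to $src" >&2
        return 1
    fi
    snap=$(mktemp) || return 1
    keep=$(mktemp) || { rm -f "$snap"; return 1; }

    # Work from a snapshot so both passes see exactly the same lines.
    cp "$src" "$snap"
    # Firewall logs can be sensitive: create the destination owner-only.
    # If the copy fails, stop before anything is deleted from the source.
    ( umask 077; awk -v want=1 "$prog" "$snap" >> "$dest" ) ||
        { rm -f "$snap" "$keep"; return 1; }
    awk -v want=0 "$prog" "$snap" > "$keep"
    moved=$(awk -v want=1 "$prog" "$snap" | wc -l)

    # Overwrite in place (no mv) so the inode syslogd holds open is kept.
    # Lines syslogd writes between the snapshot and this point are lost,
    # so schedule the job for a quiet time.
    cat "$keep" > "$src"
    rm -f "$snap" "$keep"
    echo $((moved))
}
```

Requiring `kernel:` as well as the three fields keeps a line from another daemon that merely mentions SRC= or DST= from being moved.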