Where is the iptables' log?

Alexander Dalloz ad+lists at uni-x.org
Tue Nov 9 01:08:50 UTC 2004


On Tue, 09.11.2004 at 1:47, Jorge Fábregas wrote:

> > You need to configure the syslog daemon in /etc/syslog.conf to log your
> > desired kern.* priority into a specific log file under /var/log.
> > iptables itself does not log.
> 
> ...but nothing is going to be logged unless you append to your netfilter 
> rules, for example:
> 
> -j LOG --log-level debug
> 
> and then you would find the netfilter log in the line you specified in 
> syslog.conf. In the above example, you were specifying severity: debug. Thus, 
> you'll need to make sure the log file you want is covered by kern.debug.
> 
> HTH,
> Jorge

Yes Jorge, thank you. Within the iptables rulesets you will have to
specify what cases shall be logged and to which severity (corresponding
to the setting for the syslog).

As an example:

[0:0] -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 10/min -j LOG --log-prefix "detected SYN/FIN SCAN: " --log-level 7 --log-tcp-options --log-ip-options
[0:0] -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP

The first rule is for logging, the second for dropping the packets of
the specified case. This way you can set up what to log. Avoid logging
everything, or your drive will quickly be filled with a large log file.

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.8-1.521smp 
Serendipity 02:08:16 up 19 days, 23:47, load average: 0.48, 0.47, 0.52 
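
Added example (not part of the original message and not code from the Fedora or netfilter projects): a Python check that ties the two posts together by reading the --log-level of each LOG rule and reporting which syslog.conf lines cover that kern priority. The syslog.conf sample and the /var/log/firewall path are constructed; selector handling assumes the common sysklogd forms (facility lists, *, none, =priority) and does not cover ! negation.

```python
import re

PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def level_number(value):
    """Map a syslog priority name, or the 0-7 that iptables-save prints, to its number."""
    return int(value) if value.isdigit() else PRIORITIES.index(value.lower())

def log_rules(ruleset):
    """Return (log_prefix, level) for each '-j LOG' rule in iptables-save text."""
    found = []
    for line in ruleset.splitlines():
        if re.search(r"-j LOG\b", line):
            level = re.search(r"--log-level (\S+)", line)
            prefix = re.search(r'--log-prefix "([^"]*)"', line)
            # The LOG target uses level 4 (warning) when --log-level is omitted.
            found.append((prefix.group(1) if prefix else "",
                          level_number(level.group(1)) if level else 4))
    return found

def destinations(syslog_conf, level, facility="kern"):
    """Return the syslog.conf actions that receive facility.level messages."""
    hits = []
    for line in syslog_conf.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        matched = False
        for selector in fields[0].split(";"):
            names, _, prio = selector.rpartition(".")
            if not {facility, "*"} & set(names.split(",")):
                continue
            if prio in ("none", "*"):    # none switches the facility off, * takes all
                matched = prio == "*"
            elif prio.startswith("="):   # exactly this priority
                matched = matched or level == level_number(prio[1:])
            else:                        # plain priority: that severity and above
                matched = matched or level <= level_number(prio)
        if matched:
            hits.append(fields[1].strip().lstrip("-"))
    return hits

def audit(ruleset, syslog_conf):
    """Map each LOG rule's prefix to the files its messages end up in."""
    return {p: destinations(syslog_conf, lvl) for p, lvl in log_rules(ruleset)}

# Rule text taken from the message above; the syslog.conf lines are constructed.
SAMPLE_RULES = '[0:0] -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 10/min -j LOG --log-prefix "detected SYN/FIN SCAN: " --log-level 7'
SAMPLE_SYSLOG_CONF = "*.info;mail.none;authpriv.none /var/log/messages\nkern.debug /var/log/firewall\n"
```

With the sample input, the level 7 rule reaches only the kern.debug line; an empty list from audit() for a prefix means that rule's messages are written nowhere.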