May 19th, 2006, 01:27 PM
#1
Junior Member
How can I write the iptables log to an appointed file?
Well, just like the title.
How can I write the iptables log to an appointed file?
For example, I make a new file named iptables_log.txt, and then I want to put iptables' log into this file. How can I make that happen?
-
May 19th, 2006, 01:45 PM
#2
I don't use iptables (or Linux) and it took me 2 seconds to find several answers:
http://www.google.com/search?hl=en&q...=Google+Search
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 19th, 2006, 01:51 PM
#3
If you're talking about doing this as a "one shot" deal, you can from the command line do this:
(You will probably need to be root, since most of the time iptables logs will be in /var, which only root has access to.)
# cat current_iptables_log > new_iptables_log.txt
If you want to do it again and keep the old data also, use ">>" instead of ">". This will append the new data to the end of the file. Using ">" again would overwrite it.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
May 19th, 2006, 03:01 PM
#4
Junior Member
But you know that iptables' log always gets put into /var/message with some other system logs.
If you want to get its log information you have to do it by yourself.
So I think maybe it is better to put its log into an appointed file.
I just found some who said to modify /etc/syslog.conf and use iptables' LOG command to do it.
But it seems that it doesn't work.
-
May 19th, 2006, 03:30 PM
#5
After modifying /etc/syslog.conf you'll need to "killall -HUP syslogd"
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 19th, 2006, 03:42 PM
#6
Originally posted here by SirDice
After modifying /etc/syslog.conf you'll need to "killall -HUP syslogd"
Yep, or reboot.
A nicer thing to do if you have a few boxes is dump the iptables logs to a central server via syslog. Nifty stuff.
--Th13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
May 23rd, 2006, 02:53 PM
#7
Yes, redirecting system logs of critical machines to another system explicitly set up for monitoring removes the ability to remove logs if anyone actually is able to break into a machine. That's how we have it set up at my workplace. And just for the record, on unix/linux you don't have to reboot for the syslog changes to take effect. Just do something like the following:
Code:
ps -ef | grep -v grep | grep syslogd | awk '{ print $2 }' | xargs kill -HUP
or
Code:
kill -HUP `ps -ef | grep -v grep | grep syslogd | awk '{ print $2 }'`
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
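As an added example (not from any poster in this thread), the approach replies #4, #5 and #7 describe, put together in one script: an iptables LOG rule with a fixed prefix and priority, the syslog.conf selectors that steer exactly that priority into a dedicated file, and the HUP that makes syslogd re-read its configuration. It assumes classic sysklogd; the prefix, the file name and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes classic sysklogd reading
# /etc/syslog.conf, and that the iptables LOG target logs via the kern
# facility at the priority given by --log-level (4 == warning).

IPT_PREFIX="IPT-DROP: "            # assumed prefix; any unique tag works
IPT_LEVEL="warning"                # must match --log-level below
IPT_FILE="/var/log/iptables.log"   # the "appointed file"

# syslog.conf lines: "kern.=warning" matches exactly that priority, so only
# the iptables entries go to the dedicated file; "kern.!=warning" keeps the
# other kernel messages in /var/log/messages. The leading "-" skips fsync.
syslog_conf_lines() {
    printf 'kern.=%s\t-%s\n' "$IPT_LEVEL" "$IPT_FILE"
    printf 'kern.!=%s\t/var/log/messages\n' "$IPT_LEVEL"
}

# The matching iptables rule: tag each entry and pin its priority.
iptables_log_rule() {
    printf 'iptables -A INPUT -j LOG --log-prefix "%s" --log-level 4\n' "$IPT_PREFIX"
}

# Pull existing iptables entries out of a mixed log given on stdin
# (what reply #3 does by hand with cat and >>).
extract_ipt_lines() {
    grep -F -- "$IPT_PREFIX"
}

# Count entries for one source address; a quick check that the file fills up.
count_by_src() {   # $1 = source address, log on stdin
    grep -F -- "$IPT_PREFIX" | grep -c "SRC=$1 "
}

# Make syslogd re-read syslog.conf (same as the thread's killall -HUP syslogd).
reload_syslogd() {
    killall -HUP syslogd
}

# Constructed sample of /var/log/messages; not real traffic.
SAMPLE_MESSAGES='May 19 13:27:01 host kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22
May 19 13:27:02 host sshd[1234]: Accepted publickey for alice
May 19 13:27:03 host kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=23
May 19 13:27:04 host kernel: eth0: link up'
```

Run `syslog_conf_lines >> /etc/syslog.conf` and `iptables_log_rule | sh` as root, then `reload_syslogd`; until then, `printf '%s\n' "$SAMPLE_MESSAGES" | extract_ipt_lines` shows what would land in the dedicated file.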
-
May 23rd, 2006, 03:03 PM
#8
I believe the source command allows you to cause a configuration file to be read without a reboot.
Just do :
. (yes, that's a period) /etc/syslog.conf
from the command line.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
May 23rd, 2006, 03:20 PM
#9
Originally posted here by preacherman481
I believe the source command allows you to cause a configuration file to be read without a reboot.
Just do :
. (yes, that's a period) /etc/syslog.conf
from the command line.
No, this doesn't do what you think it does... For starters, syslog.conf isn't a shell script. Sourcing a file is only useful when it's a shell script, especially when there are variables in it.
On FreeBSD, for example, rc.conf gets sourced for configuration variables by the startup (rc) scripts.
syslogd reads its configuration file when it starts up and whenever it receives a hangup signal.
man syslogd for more info..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 23rd, 2006, 03:32 PM
#10
Hehe, actually, if you source your syslog.conf file, you'll get something like the following:
Code:
. /etc/syslog.conf
sh: mail.debug: not found.
sh: *.info: not found.
sh: mail.none: not found.
sh: *.alert: not found.
sh: *.alert: not found.
sh: *.emerg: not found.
Sourcing a file, as SirDice said, is only effective if you're executing a non-executable shell script, using your $SHELL variable which is set up when you log in. Unless you change it in your own .profile or /etc/profile or whatever, it's generally something like /usr/bin/sh for users and /sbin/sh for root.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.