how can i write iptables log to an appointed file

#1 Junior Member (joined Dec 2005)

    Question: how can I write the iptables log to an appointed file?

    Well, just like the title: how can I write the iptables log to an appointed file?

    For example, I make a new file named iptables_log.txt, and then I want to put iptables' log into this file. How can I do that?

#2 SirDice, Just Another Geek (Rotterdam, Netherlands; joined Jul 2002)

    I don't use iptables (or Linux) and it took me 2 seconds to find several answers:

    http://www.google.com/search?hl=en&q...=Google+Search
    Oliver's Law:
    Experience is something you don't get until just after you need it.

#3 preacherman481, Senior Member (joined Feb 2002)

    If you're talking about doing this as a "one shot" deal, you can do this from the command line:

    (You will probably need to be root, since most of the time iptables logs will be in /var, which only root has access to.)

    # cat current_iptables_log > new_iptables_log.txt

    If you want to do it again and keep the old data also, use ">>" instead of ">". This will append the new data to the end of the file. Using ">" again would overwrite it.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

#4 Junior Member (joined Dec 2005)

    But you know that iptables' log is always put into /var/message with some other system logs.
    If you want to get its log information you have to do it by yourself.
    So I think maybe it is better to put its log into an appointed file.

    I just found some people saying to modify /etc/syslog.conf and use iptables' LOG command to do it,
    but it seems that it doesn't work.

#5 SirDice, Just Another Geek (Rotterdam, Netherlands; joined Jul 2002)
    After modifying /etc/syslog.conf you'll need to "killall -HUP syslogd"

#6 thehorse13, Moderator (Washington D.C. area; joined Dec 2002)

    Originally posted by SirDice:
        After modifying /etc/syslog.conf you'll need to "killall -HUP syslogd"

    Yep, or reboot.

    A nicer thing to do if you have a few boxes is dump the iptables logs to a central server via syslog. Nifty stuff.

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

#7 PHP/PostgreSQL guy (joined Dec 2001)
    Yes, redirecting system logs of critical machines to another system explicitly set up for monitoring removes the ability to remove logs if anyone actually is able to break into a machine. That's how we have it set up at my workplace. And just for the record, on unix/linux you don't have to reboot for the syslog changes to take effect. Just do something like the following:

    Code:
    ps -ef | grep -v grep | grep syslogd | awk '{ print $2 }' | xargs kill -HUP
    or

    Code:
    kill -HUP `ps -ef | grep -v grep | grep syslogd | awk '{ print $2 }'`
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
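To tie the pieces of the thread together (the LOG target mentioned in #4, editing /etc/syslog.conf and sending syslogd a HUP from #5 and #7, and the one-shot copy from #3), here is an added example that is not from any of the posters. It assumes classic sysklogd syntax for /etc/syslog.conf, the prefix "IPT-DROP: ", syslog priority debug (--log-level 7) and the file /var/log/iptables.log; all of those are my choices, adjust them for your distribution. The rules and config are printed rather than applied so they can be reviewed first, and the one-shot extraction runs on a constructed sample log without root.

```shell
#!/bin/sh
# Added example (not from the thread): the pieces needed to send iptables LOG
# output to its own file with classic syslogd (sysklogd /etc/syslog.conf
# syntax), plus a filtered one-shot copy of entries already in the mixed log.
# Prefix, priority and file name are assumptions chosen for this example.

IPT_PREFIX="IPT-DROP: "          # --log-prefix: makes entries greppable
IPT_LEVEL=7                      # --log-level 7 = debug; ordinary kernel
                                 # messages are rarely logged at debug, so
                                 # syslog.conf can select it without noise
IPT_LOGFILE=/var/log/iptables.log

# Print (do not apply) the iptables rules: a LOGDROP chain that logs with the
# prefix and priority above, rate-limited so a flood cannot fill the disk,
# then drops. The last rule sends inbound telnet through it as an example.
ipt_rules() {
    cat <<EOF
iptables -N LOGDROP
iptables -A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "$IPT_PREFIX" --log-level $IPT_LEVEL
iptables -A LOGDROP -j DROP
iptables -A INPUT -p tcp --dport 23 -j LOGDROP
EOF
}

# Print the syslog.conf lines. kern.=debug selects exactly that priority for
# the appointed file; kern.!=debug keeps those entries out of /var/log/messages
# so they are not written twice. The leading '-' skips fsync after each write.
syslog_conf() {
    cat <<EOF
kern.=debug                         -$IPT_LOGFILE
*.info;mail.none;kern.!=debug       -/var/log/messages
EOF
}

# Make syslogd re-read its configuration. The pid file is more reliable than
# a ps | grep pipeline, which can match unrelated processes.
reload_syslogd() {
    kill -HUP "$(cat /var/run/syslogd.pid)"
}

# One-shot variant of the cat approach given earlier in the thread, but
# copying only the lines carrying the prefix instead of the whole file.
# Usage: extract_ipt_entries /var/log/messages /root/iptables_log.txt
extract_ipt_entries() {
    grep -F "$IPT_PREFIX" "$1" >> "$2"
}

# Offline demonstration on a constructed log (no root needed): write a
# temporary messages file with two iptables entries among other lines,
# extract them, and print how many were copied.
demo_extract() {
    tmpd=$(mktemp -d) || return 1
    printf '%s\n' \
      'Dec 12 10:00:01 fw sshd[1201]: Accepted publickey for admin from 10.0.0.9' \
      'Dec 12 10:00:02 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP SPT=40211 DPT=23' \
      'Dec 12 10:00:03 fw cron[1300]: (root) CMD (run-parts /etc/cron.hourly)' \
      'Dec 12 10:00:04 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=10.0.0.6 DST=10.0.0.1 PROTO=TCP SPT=51002 DPT=23' \
      > "$tmpd/messages"
    extract_ipt_entries "$tmpd/messages" "$tmpd/iptables_log.txt"
    n=$(grep -c "$IPT_PREFIX" "$tmpd/iptables_log.txt")
    rm -rf "$tmpd"
    echo "$n"
}

demo_extract
```

As root you would run `ipt_rules | sh`, merge the output of `syslog_conf` into /etc/syslog.conf (replacing the existing /var/log/messages line rather than adding a second one), then call `reload_syslogd`. The priority trick only works cleanly if nothing else on the box logs at kern.debug; on a system with rsyslog you can match the prefix directly instead (`:msg, contains, "IPT-DROP: "`), which is the more robust selector.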

#8 preacherman481, Senior Member (joined Feb 2002)

    I believe the source command allows you to cause a configuration file to be read without a reboot.

    Just do:

    . (yes, that's a period) /etc/syslog.conf

    from the command line.

#9 SirDice, Just Another Geek (Rotterdam, Netherlands; joined Jul 2002)

    Originally posted by preacherman481:
        I believe the source command allows you to cause a configuration file to be read without a reboot.

        Just do:

        . (yes, that's a period) /etc/syslog.conf

        from the command line.

    No, this doesn't do what you think it does. For starters, syslog.conf isn't a shell script. Sourcing a file is only useful when it's a shell script, especially when there are variables in it.
    On FreeBSD, for instance, rc.conf gets sourced for configuration variables by the startup (rc) scripts.

    syslogd reads its configuration file when it starts up and whenever it receives a hangup signal.
    man syslogd for more info.

#10 PHP/PostgreSQL guy (joined Dec 2001)
    Hehe, actually, if you source your syslog.conf file, you'll get something like the following:

    Code:
    . /etc/syslog.conf
    sh: mail.debug:  not found.
    sh: *.info:  not found.
    sh: mail.none:  not found.
    sh: *.alert:  not found.
    sh: *.alert:  not found.
    sh: *.emerg:  not found.
    Sourcing a file, as SirDice said, is only effective if you're executing a non-executable shell script, using your $SHELL variable which is set up when you log in. Unless you change it in your own .profile or /etc/profile or whatever, it's generally something like /usr/bin/sh for users and /sbin/sh for root.