
Thread: how can i write iptables log to an appointed file

  1. #11
    Senior Member
    Join Date
    Feb 2002
    Posts
    855
    Thanks for the responses, SirDice and Vorlin.

    Alright, I understand now that source doesn't work with configuration files.

    Ok, the reason why I said what I did was that I used . /etc/sysconfig/Susefirewall2 to read in some changes to my firewall setup without a reboot.


    According to this page source can be used to read in commands from a text file. In other words, it need not be a shell script.

    So if I understand this correctly, source may be used with regular text files (such as the Susefirewall2 file) but it will only allow you to read in commands from those files. It will not work with reading in to the shell a whole configuration setup.

    SirDice, I may be misunderstanding you. Were you saying that source only works with shell scripts?
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  2. #12
    Junior Member
    Join Date
    Apr 2006
    Posts
    20
    You can modify your /etc/syslog.conf file to point to the file that you want to use for the iptables logs.

    #Log iptables stuff to iptables log
    kern.3 /var/log/iptables

    /root/iptables, /home/%user%/iptables are other examples.

  3. #13
    Junior Member
    Join Date
    May 2006
    Posts
    2
    I know a little, but I don't know how to express it.
    I hope you can add my ICQ --220014994
    god

  4. #14
    Junior Member
    Join Date
    Dec 2005
    Posts
    6
    #Log iptables stuff to iptables log
    kern.3 /var/log/iptables
    =============================
    I did it just like stlivingston said.
    But when I restart syslog, there is still nothing in the file iptables, and all the logs are still put into /var/log/messages.

    And to toplanxue: thanks! I have added your ICQ account.

  5. #15
    Senior Member
    Join Date
    May 2004
    Posts
    274
    Check the following link; I think this is what you need.

    http://iptables-tutorial.frozentux.n...html#LOGTARGET

    The LOG target is specially designed for logging detailed information about packets. These could, for example, be considered as illegal. Or, logging can be used purely for bug hunting and error finding. The LOG target will return specific information on packets, such as most of the IP headers and other information considered interesting. It does this via the kernel logging facility, normally syslogd. This information may then be read directly with dmesg, or from the syslogd logs, or with other programs or applications. This is an excellent target to use to debug your rule-sets, so that you can see what packets go where and what rules are applied on what packets. Note as well that it could be a really great idea to use the LOG target instead of the DROP target while you are testing a rule you are not 100% sure about on a production firewall, since a syntax error in the rule-sets could otherwise cause severe connectivity problems for your users. Also note that the ULOG target may be interesting if you are using really extensive logging, since the ULOG target has support for direct logging to MySQL databases and suchlike.
    Excuse me, is there an airport nearby large enough for a private jet to land?

  6. #16
    Junior Member
    Join Date
    Apr 2006
    Posts
    20
    What happens if you modify the syslog.conf file with this entry and restart the service?

    kern.=debug /var/log/iptables

    Let me know if you are having problems with this still.

  7. #17
    Junior Member
    Join Date
    Jun 2006
    Posts
    1
    Here is what I do to read iptables' log:

    First, in the firewall script, when I use logging I also use the following directive (or something similar):

    LOG --log-prefix "IPTABLES_LOG_xxx " ...

    Then, I make a file iptables.log.sh, containing the following command:

    Code:
    cat /var/log/messages* | grep IPTABLES_LOG | sort | less -S -# 1
    Also, you have to make it executable with:

    chmod u+x iptables.log.sh

    And that's it. Now when you execute it you have your firewall's log
    Linux... because rebooting is for adding new hardware!
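
Post #17's grep-based reader, extended as an added example (not code from any poster in this thread): it keeps only lines tagged kernel: whose message starts with the log prefix, then counts hits per source address and destination port. The function names and the sample log lines are constructed for illustration; the IPTABLES_LOG prefix is the one used in post #17.

```shell
#!/bin/sh
# Added example; the log lines below are constructed, not taken from the thread.
sample_messages() {
cat <<'EOF'
Jun  3 10:15:01 fw kernel: IPTABLES_LOG_DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=22 SYN
Jun  3 10:15:02 fw sshd[811]: Failed password for admin from 192.0.2.10 port 51514 ssh2
Jun  3 10:15:04 fw kernel: [ 8123.450012] IPTABLES_LOG_DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=51516 DPT=22 SYN
Jun  3 10:15:09 fw kernel: IPTABLES_LOG_DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=56 TTL=60 PROTO=ICMP TYPE=3 CODE=3 [SRC=198.51.100.5 DST=203.0.113.7 LEN=28 PROTO=UDP SPT=53 DPT=40000 LEN=8 ]
Jun  3 10:15:11 fw alice: note to self: grep IPTABLES_LOG_DROP in messages
Jun  3 10:15:12 fw kernel: eth0: link up
EOF
}

# Print only kernel-tagged lines whose message starts with the given prefix.
# Matching on the tag field skips lines that merely mention the string.
extract_iptables() {
    awk -v p="$1" '$5 == "kernel:" {
        n = 6
        if ($n ~ /^\[/) {                 # optional "[ 8123.450012]" timestamp
            while ($n !~ /\]$/ && n < NF) n++
            n++
        }
        if (index($n, p) == 1) print
    }'
}

# Count entries per "source proto/dport"; "-" marks a field the packet lacks.
summarize() {
    awk '{
        src = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\[SRC=/) break     # embedded header of an ICMP error
            if ($i ~ /^SRC=/)   src = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        count[src " " proto "/" dpt]++
    } END { for (k in count) print count[k], k }' | sort -k1,1nr -k2,2
}

# Usage on a real host (input path from the thread, output name is an assumption):
#   extract_iptables IPTABLES_LOG < /var/log/messages > iptables.log
sample_messages | extract_iptables IPTABLES_LOG | summarize
```

A plain grep for the prefix also returns the constructed line written by user alice; the tag check drops it, although a local process can still choose its own syslog tag.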
