Well, just like the title.
How can I write the iptables log to an appointed file?
For example, I make a new file named iptables_log.txt, and then I want to put iptables' log into this file. How can I do that?
I don't use iptables (or Linux) and it took me 2 seconds to find several answers:
http://www.google.com/search?hl=en&q...=Google+Search
If you're talking about doing this as a "one shot" deal, you can do this from the command line:
(You will probably need to be root, since most of the time iptables logs will be in /var, which only root has access to.)
Code:
# cat current_iptables_log > new_iptables_log.txt
If you want to do it again and keep the old data as well, use ">>" instead of ">". This will append the new data to the end of the file. Using ">" again would overwrite it.
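The "one shot" copy above grabs the whole log; the original question was about getting only the iptables lines out of the combined system log. Here is an added example (not from any post in this thread) that does that: it filters the kernel LOG lines out of a messages-style file by the IN=/OUT= fields every iptables LOG entry carries, appends them to the appointed file, and summarises the source addresses. The sample log lines are constructed for the example; the log format is the standard iptables LOG output, but the "IPT: " prefix and the addresses are made up.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the combined log is a plain
# syslog text file; paths are passed in so it can run against a scratch copy.

# Pull only the iptables LOG lines out of $1 and append them to $2.
# Every iptables LOG line contains "IN=... OUT=", which is more robust than
# matching on a --log-prefix that may not have been configured.
extract_iptables_log() {
    src=$1
    dst=$2
    # '>>' appends; '>' would overwrite the appointed file on every run.
    grep 'IN=.* OUT=' "$src" >> "$dst"
}

# Count the lines currently in the appointed file.
line_count() {
    grep -c '' "$1"
}

# Rank source addresses seen in an extracted log (top talkers first).
top_sources() {
    sed -n 's/.* SRC=\([0-9.]*\) .*/\1/p' "$1" | sort | uniq -c | sort -rn
}

# Constructed sample of a /var/log/messages-style file with iptables LOG
# lines mixed in between other daemons' messages; written to the path in $1.
make_sample_log() {
    cat > "$1" <<'EOF'
Mar  1 10:00:01 host sshd[123]: Accepted publickey for alice from 10.0.0.5
Mar  1 10:00:02 host kernel: IPT: IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=10.0.0.2 LEN=60 PROTO=TCP SPT=4444 DPT=22
Mar  1 10:00:03 host cron[456]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 10:00:04 host kernel: IPT: IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=10.0.0.2 LEN=60 PROTO=TCP SPT=4445 DPT=23
Mar  1 10:00:05 host kernel: IPT: IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=10.0.0.2 LEN=40 PROTO=UDP SPT=53 DPT=53
EOF
}

# Stand-alone demo: build the sample, extract into a scratch "appointed file"
# twice to show the append behaviour, then print the top talkers.
if [ "${1:-}" = "demo" ]; then
    messages=$(mktemp)
    appointed=$(mktemp)
    make_sample_log "$messages"
    extract_iptables_log "$messages" "$appointed"
    echo "after first run:  $(line_count "$appointed") lines"
    extract_iptables_log "$messages" "$appointed"
    echo "after second run: $(line_count "$appointed") lines (appended, not overwritten)"
    top_sources "$appointed"
    rm -f "$messages" "$appointed"
fi
```

Run it as `sh script.sh demo`; against the real system you would call `extract_iptables_log /var/log/messages /var/log/iptables_log.txt` as root. Note that this copies lines that are already in the combined log; rerunning it appends the same lines again, so for a periodic job you would want to track where you left off (or, better, have syslogd write the file directly as discussed further down the thread).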
But you know that iptables' log is always put into /var/message together with some other system logs.
If you want to get its log information you have to do it by yourself.
So I think maybe it is better to put its log into an appointed file.
I just found some posts saying that you modify /etc/syslog.conf and use iptables' LOG target to do it.
But it seems that it doesn't work.
After modifying /etc/syslog.conf you'll need to "killall -HUP syslogd"
Quote:
Originally posted here by SirDice
After modifying /etc/syslog.conf you'll need to "killall -HUP syslogd"
Yep, or reboot.
A nicer thing to do if you have a few boxes is dump the iptables logs to a central server via syslog. Nifty stuff.
--Th13
Yes, redirecting system logs of critical machines to another system explicitly set up for monitoring removes the ability to remove logs if anyone actually is able to break into a machine. That's how we have it set up at my workplace. And just for the record, on unix/linux you don't have to reboot for the syslog changes to take effect. Just do something like the following:
Code:
kill -HUP `ps -ef | grep -v grep | grep syslogd | awk '{ print $2 }'`
or
Code:
ps -ef | grep -v grep | grep syslogd | awk '{ print $2 }' | xargs kill -HUP
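Putting the two halves of the thread together (the syslog.conf selector from the earlier post and the SIGHUP reload from this one), here is an added example that is not from any post above. It assumes a classic sysklogd-style /etc/syslog.conf, where messages can only be selected by facility and priority, not by text; so the trick is to have the iptables LOG rule tag its messages with priority debug and then route kern.=debug to the appointed file. The config path, log path and the "IPT: " prefix are parameters/assumptions chosen for the example, and the functions default to the real system paths only when no argument is given.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sysklogd-style /etc/syslog.conf
# (facility.priority selectors, one action per line) and an iptables rule
# that logs at priority debug. Paths are parameters so the functions can be
# exercised against a scratch copy of the config.

# iptables side (run as root; shown here as a comment so the script is safe
# to source). Logging at priority debug (7) keeps these lines out of the
# usual "*.info ... /var/log/messages" selector, and the prefix makes them
# easy to grep:
#   iptables -A INPUT -m state --state NEW -j LOG --log-level debug --log-prefix "IPT: "

# Append a "kern.=debug <file>" selector to the config exactly once.
# The "=" means only priority debug, not debug-and-above, so ordinary kernel
# warnings are not diverted into the iptables file.
add_iptables_syslog_rule() {
    conf=${1:-/etc/syslog.conf}
    logfile=${2:-/var/log/iptables_log.txt}
    selector='kern.=debug'
    # Idempotent: re-running the script must not add a duplicate selector.
    if grep -q "^${selector}[[:space:]]" "$conf" 2>/dev/null; then
        return 0
    fi
    # Leading '-' on the path tells sysklogd not to fsync after every line,
    # which matters for a chatty firewall log.
    printf '%s\t-%s\n' "$selector" "$logfile" >> "$conf"
}

# How many iptables selectors the config holds (used to verify the edit).
count_iptables_selectors() {
    grep -c '^kern\.=debug[[:space:]]' "$1"
}

# syslogd only re-reads its config at startup or on SIGHUP; send the signal
# without the grep/awk pipeline from the post above, which can also match
# unrelated processes whose command line happens to contain "syslogd".
reload_syslogd() {
    if command -v pidof >/dev/null 2>&1; then
        pids=$(pidof syslogd) || return 1
        kill -HUP $pids
    elif [ -r /var/run/syslogd.pid ]; then
        kill -HUP "$(cat /var/run/syslogd.pid)"
    else
        echo "syslogd not found" >&2
        return 1
    fi
}

# Stand-alone demo against a scratch config, so it runs without root.
if [ "${1:-}" = "demo" ]; then
    scratch=$(mktemp)
    printf '*.info;mail.none;authpriv.none\t/var/log/messages\n' > "$scratch"
    add_iptables_syslog_rule "$scratch" /var/log/iptables_log.txt
    add_iptables_syslog_rule "$scratch" /var/log/iptables_log.txt
    echo "selectors added: $(count_iptables_selectors "$scratch")"
    cat "$scratch"
    rm -f "$scratch"
fi
```

On the real box the sequence is `add_iptables_syslog_rule` with no arguments, then `reload_syslogd`, then add the LOG rule. Two caveats: any other kernel message logged at priority debug will land in the same file, since classic syslog cannot filter on the "IPT: " text; and if you leave the LOG target at its default level (warning) the entries keep going to /var/log/messages, because that is where kern.warning is already routed. Distributions that replaced sysklogd with rsyslog or syslog-ng can match on the prefix instead, but the HUP-or-restart requirement after editing the config is the same.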
I believe the source command allows you to cause a configuration file to be read without a reboot.
Just do:
. (yes, that's a period) /etc/syslog.conf
from the command line.
Quote:
Originally posted here by preacherman481
I believe the source command allows you to cause a configuration file to be read without a reboot.
Just do:
. (yes, that's a period) /etc/syslog.conf
from the command line.
No, this doesn't do what you think it does. For starters, syslog.conf isn't a shell script. Sourcing a file is only useful when it's a shell script, especially when there are variables in it. On FreeBSD, e.g., rc.conf gets sourced for configuration variables by the startup (rc) scripts.
man syslogd for more info.
Quote:
syslogd reads its configuration file when it starts up and whenever it receives a hangup signal.
Hehe, actually, if you source your syslog.conf file, you'll get something like the following:
Code:
. /etc/syslog.conf
sh: mail.debug: not found.
sh: *.info: not found.
sh: mail.none: not found.
sh: *.alert: not found.
sh: *.alert: not found.
sh: *.emerg: not found.
Sourcing a file, as SirDice said, is only effective if you're executing a non-executable shell script, using your $SHELL variable which is set up when you log in. Unless you change it in your own .profile or /etc/profile or whatever, it's generally something like /usr/bin/sh for users and /sbin/sh for root.