how can i write iptables log to an appointed file

Printable View

Show 40 post(s) from this thread on one page

May 23rd, 2006, 06:36 PM
preacherman481

Thanks for the responses SirDice, and Vorlin :)

Alright, I understand now that source doesn't work with configuration files.

Ok, the reason why I said what I did what that I used . /etc/sysconfig/Susefirewall2 to read in some changes to my firewall setup without a reboot.

According to this page source can be used to read in commands from a text file. In other words, it need not be a shell script.

So if I understand this correctly, source may be used with regular text files (such as the Susefirewall2 file) but it will only allow you to read in commands from those files. It will not work with reading in to the shell a whole configuration setup.

SirDice, I may be misunderstanding you. Were you saying that source only works with shell scripts?
May 24th, 2006, 10:15 PM
stlivingston

You can modify your /etc/syslog.conf file to point to the file that you want to use for the iptables logs.

#Log iptables stuff to iptables log
kern.3 /var/log/iptables

/root/iptables, /home/%user%/iptables are other examples.
May 25th, 2006, 01:52 AM
toplanxue

i know a little, but i don't know how to express it
i hope u can add my ICQ --220014994
May 25th, 2006, 05:18 AM
kview

#Log iptables stuff to iptables log
kern.3 /var/log/iptables
=============================
i did it like just like stlivingston said.
but when i restart syslog, there is still nothing in file iptables. and all the log are still put into /var/log/messages

and to toplanxue: thanks ! i have added ur icq account.
May 25th, 2006, 06:17 AM
mmkhan

check the following link i think this is what you need.

http://iptables-tutorial.frozentux.n...html#LOGTARGET

Quote:

The LOG target is specially designed for logging detailed information about packets. These could, for example, be considered as illegal. Or, logging can be used purely for bug hunting and error finding. The LOG target will return specific information on packets, such as most of the IP headers and other information considered interesting. It does this via the kernel logging facility, normally syslogd. This information may then be read directly with dmesg, or from the syslogd logs, or with other programs or applications. This is an excellent target to use to debug your rule-sets, so that you can see what packets go where and what rules are applied on what packets. Note as well that it could be a really great idea to use the LOG target instead of the DROP target while you are testing a rule you are not 100% sure about on a production firewall, since a syntax error in the rule-sets could otherwise cause severe connectivity problems for your users. Also note that the ULOG target may be interesting if you are using really extensive logging, since the ULOG target has support for direct logging to MySQL databases and suchlike.
May 25th, 2006, 11:54 PM
stlivingston

What happens if you modify the syslog.conf file with this entry and restart the service?

kern.=debug /var/log/iptables

Let me know if you are having problems with this still.
June 18th, 2006, 07:15 AM
ktav

Here is what I do to read iptables' log:

first, in the firewall script when i use logging i also use the following directive (or something similar):

LOG --log-prefix "IPTABLES_LOG_xxx " ...

then, i make a file iptables.log.sh, containing the following command:

Code:

cat /var/log/messages* | grep IPTABLES_LOG | sort | less -S -# 1

also, you have to make it executable with:

chmod u+x iptables.log.sh

And that's it. Now when you execute it you have your firewall's log :)

Show 40 post(s) from this thread on one page