http://www.networkinghowtos.com/howto/change-the-iptables-log-file/

 
 

An important aspect of any firewall are the log files. Iptables on Linux provides logging functionality, however by default, it will get outputted to the /var/log/messages log file. This can clutter things up, and make it hard to check the logs.

If you want to change the file that IPTables logs to, you need to set up your iptables rules to output a log prefix. Rsyslog will then be configured to pick up this prefix, and output the information to a custom log file, containing just the iptables log information.

Install rsyslog if it is not already installed.

$ sudo apt-get install -y rsyslog

Configure your iptables firewall rules to output a log prefix using the –log-prefix command:

$ sudo iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "iptables: "

(this will log connection attempts to the SSH port)

Next you need to configure rsyslog to pickup the iptables log prefix.

Create an empty rsyslog conf file for iptables.

$ sudo touch /etc/rsyslog.d/10-iptables.conf

Open this file up in a file editor.

$ sudo nano /etc/rsyslog.d/10-iptables.conf

Add the following two lines:

:msg, contains, "iptables: " -/var/log/iptables.log

& ~

Save the file and exit the editor.

The first line checks the log data for the word “iptables: ” and appends it into the /var/log/iptables.log file.

The second line simply halts the processing of the log information, so that it doesnt get logged into /var/log/messages as well as the iptables.log file.

Restart rsyslog:

$ sudo service rsyslog restart

The logs should now be appearing in /var/log/iptables.log

You can verify this by tailing the log file:

$ tail -f /var/log/iptables.log

Try and connect to SSH from another machine, and you should see a log entry get created, and appear on the screen automatically.

Eg:

$ tail -f /var/log/iptables.log

Feb 20 23:27:11 ubuntu kernel: [1988916.899165] iptables: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:

00:00:00:00:00:00:00 SRC=192.168.0.3 DST=192.168.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30541

DF PROTO=TCP SPT=60148 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Close the ‘tail’ program using Ctrl+c.

Change the IPTables log file的更多相关文章

  1. ORACLE等待事件: log file parallel write

    log file parallel write概念介绍 log file parallel write 事件是LGWR进程专属的等待事件,发生在LGWR将日志缓冲区(log_buffer)中的重做日志 ...

  2. Managing IIS Log File Storage

    Managing IIS Log File Storage   You can manage the amount of server disk space that Internet Informa ...

  3. bdb log file 预设长度的性能优化

    看代码随手记:log_put.c, __log_write() /* * If we're writing the first block in a log file on a filesystem ...

  4. mysql从库Last_IO_Error: Got fatal error 1236 from master when reading data from binary log: 'Could not find first log file name in binary log index file'报错处理

    年后回来查看mysql运行状况与备份情况,登录mysql从库查看主从同步状态 mysql> show slave status\G; *************************** . ...

  5. 完全揭秘log file sync等待事件-转自itpub

    原贴地址:http://www.itpub.net/thread-1777234-1-1.html   谢谢 guoyJoe 老大 这里先引用一下tanel poder大师的图: 什么是log fil ...

  6. 'Could not find first log file name in binary log index file'的解决办法

    数据库主从出错: Slave_IO_Running: No 一方面原因是因为网络通信的问题也有可能是日志读取错误的问题.以下是日志出错问题的解决方案: Last_IO_Error: Got fatal ...

  7. Oracle 联机重做日志文件(ONLINE LOG FILE)

    --========================================= -- Oracle 联机重做日志文件(ONLINE LOG FILE) --================== ...

  8. Got fatal error 1236 from master when reading data from binary log: 'Could not find first log file name in binary log index file'

    setup slave from backup i got error Got fatal error 1236 from master when reading data from binary l ...

  9. oracle之 等待事件LOG FILE SYNC (awr)优化

    log file sycn是ORACLE里最普遍的等待事件之一,一般log file sycn的等待时间都非常短 1-5ms,不会有什么问题,但是一旦出问题,往往都比较难解决.什么时候会产生log f ...

随机推荐

  1. word record 3

    word record 3 tabloid : a half size page of a newspaper, or a newspaper or magazine with short, exci ...

  2. Lua学习笔记(1): HelloWorld和数据类型

    Lua是一个轻量级的脚本语言,由c语言编写,容易嵌入到应用中,深受游戏开发者的青睐 环境安装 选用SciTE作为lua的IDE 可以在github找到这个开源的软件 SciTE下载链接 安装好之后打开 ...

  3. Quartz定时器原理与使用

    Quartz是OpenSymphony开源组织在Job scheduling领域又一个开源项目,是一个完全由java编写的开源作业调度框架. Quartz可以用来创建简单或为运行十个,百个,甚至是好几 ...

  4. CPU设计学习-流水线

    各种名词 标量流水线 超级流水线 超标量流水线与多发射技术 经典五级流水线 IF |Instruction Fetch,取指 ID |Instruction Decode,译码 EX |Execute ...

  5. Jedis 与 MySQL的连接线程安全问题

    Jedis的连接是非线程安全的 下面是set命令的执行过程,简单分为两个过程,客户端向服务端发送数据,服务端向客户端返回数据,从下面的代码来看:从建立连接到执行命令是没有进行任何并发同步的控制 pub ...

  6. Java 单例模式探讨

    以下是我再次研究单例(Java 单例模式缺点)时在网上收集的资料,相信你们看完就对单例完全掌握了 Java单例模式应该是看起来以及用起来简单的一种设计模式,但是就实现方式以及原理来说,也并不浅显哦. ...

  7. this指针与const成员函数

    this指针的类型为:classType *const      // 即指向类类型非常量版本的常量指针 所以,我们不能把this绑定到一个常量对象上 ===>  不能在一个常量对象上调用普通的 ...

  8. 《Linux编程大作业》

    一.要求 作业题目 Linux下的多进程/线程网络通信 作业目标 要求学生熟练掌握<Linux编程>课程中的知识点,包括Linux常用命令.bash脚本.编译和调试环境.读写文件.进程间通 ...

  9. 让我们一起来做最漂亮的Android界面吧!

    让我们一起来做最漂亮的Android界面吧! AndroidiOS产品设计 摘要:如何为Android设备量身定制以打造出最为完美的应用?这是让诸多开发者很是头疼的问题.不同于iOS,Android设 ...

  10. 软件工程课堂作业(三)——Right-BICEP软件单元测试

    一.测试方法:Right-BICEP Right-结果是否正确?B-是否所有的边界条件都是正确的?I-能查一下反向关联吗?C-能用其他手段交叉检查一下结果吗?E-你是否可以强制错误条件发生?P-是否满 ...