http://www.networkinghowtos.com/howto/change-the-iptables-log-file/

 
 

An important aspect of any firewall are the log files. Iptables on Linux provides logging functionality, however by default, it will get outputted to the /var/log/messages log file. This can clutter things up, and make it hard to check the logs.

If you want to change the file that IPTables logs to, you need to set up your iptables rules to output a log prefix. Rsyslog will then be configured to pick up this prefix, and output the information to a custom log file, containing just the iptables log information.

Install rsyslog if it is not already installed.

$ sudo apt-get install -y rsyslog

Configure your iptables firewall rules to output a log prefix using the –log-prefix command:

$ sudo iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "iptables: "

(this will log connection attempts to the SSH port)

Next you need to configure rsyslog to pickup the iptables log prefix.

Create an empty rsyslog conf file for iptables.

$ sudo touch /etc/rsyslog.d/10-iptables.conf

Open this file up in a file editor.

$ sudo nano /etc/rsyslog.d/10-iptables.conf

Add the following two lines:

:msg, contains, "iptables: " -/var/log/iptables.log

& ~

Save the file and exit the editor.

The first line checks the log data for the word “iptables: ” and appends it into the /var/log/iptables.log file.

The second line simply halts the processing of the log information, so that it doesnt get logged into /var/log/messages as well as the iptables.log file.

Restart rsyslog:

$ sudo service rsyslog restart

The logs should now be appearing in /var/log/iptables.log

You can verify this by tailing the log file:

$ tail -f /var/log/iptables.log

Try and connect to SSH from another machine, and you should see a log entry get created, and appear on the screen automatically.

Eg:

$ tail -f /var/log/iptables.log

Feb 20 23:27:11 ubuntu kernel: [1988916.899165] iptables: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:

00:00:00:00:00:00:00 SRC=192.168.0.3 DST=192.168.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30541

DF PROTO=TCP SPT=60148 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Close the ‘tail’ program using Ctrl+c.

Change the IPTables log file的更多相关文章

  1. ORACLE等待事件: log file parallel write

    log file parallel write概念介绍 log file parallel write 事件是LGWR进程专属的等待事件,发生在LGWR将日志缓冲区(log_buffer)中的重做日志 ...

  2. Managing IIS Log File Storage

    Managing IIS Log File Storage   You can manage the amount of server disk space that Internet Informa ...

  3. bdb log file 预设长度的性能优化

    看代码随手记:log_put.c, __log_write() /* * If we're writing the first block in a log file on a filesystem ...

  4. mysql从库Last_IO_Error: Got fatal error 1236 from master when reading data from binary log: 'Could not find first log file name in binary log index file'报错处理

    年后回来查看mysql运行状况与备份情况,登录mysql从库查看主从同步状态 mysql> show slave status\G; *************************** . ...

  5. 完全揭秘log file sync等待事件-转自itpub

    原贴地址:http://www.itpub.net/thread-1777234-1-1.html   谢谢 guoyJoe 老大 这里先引用一下tanel poder大师的图: 什么是log fil ...

  6. 'Could not find first log file name in binary log index file'的解决办法

    数据库主从出错: Slave_IO_Running: No 一方面原因是因为网络通信的问题也有可能是日志读取错误的问题.以下是日志出错问题的解决方案: Last_IO_Error: Got fatal ...

  7. Oracle 联机重做日志文件(ONLINE LOG FILE)

    --========================================= -- Oracle 联机重做日志文件(ONLINE LOG FILE) --================== ...

  8. Got fatal error 1236 from master when reading data from binary log: 'Could not find first log file name in binary log index file'

    setup slave from backup i got error Got fatal error 1236 from master when reading data from binary l ...

  9. oracle之 等待事件LOG FILE SYNC (awr)优化

    log file sycn是ORACLE里最普遍的等待事件之一,一般log file sycn的等待时间都非常短 1-5ms,不会有什么问题,但是一旦出问题,往往都比较难解决.什么时候会产生log f ...

随机推荐

  1. 感觉总结了一切python常见知识点,可直接运行版本

    #encoding=utf-8#http://python.jobbole.com/85231/#作用域a=1def A(a): a=2 print 'A:',a def B(): print 'B: ...

  2. Pycharm中查看方法的源码

    方法1.鼠标放在函数上,Ctrl+B,看源码 方法2.将光标移动至要查看的方法处,按住ctrl 键,点击鼠标左键,即可查看该方法的源码.

  3. [转]JS私有化的实现——稳妥构造函数

    所谓稳妥对象, 指的是没有公共属性, 而且其方法也不引用this的对象.稳妥对象函数遵循与寄生构造函数类似的模式, 但有两点不同: 一是新创建对象的实例方法不引用this: 二是不使用new操作符调用 ...

  4. Iview 表单提交: Cannot read property 'validate' of undefined

    提交表单时,提示报这个错,找了半天,然后也百度了很久,一直没找到答案,代码如下: <link href="~/lib/iview3.1.4/styles/iview.css" ...

  5. ant-design学习准备_1

    在学习ant-desin过程中,发现很多知识都不清楚,从现在开始,每天将自己学习到的知识进行一个总结记录,前端大佬勿扰勿喷.先介绍几个基础概念和一些常用命令: 1.什么是脚手架 我们经常在各个博客论坛 ...

  6. VMware 15.0下载及安装教程

    虚拟机 VMware WorkStation Pro15 下载及安装详细解 9虚拟机 VMware WorkStation Pro15 下载及安装详细解. 虚拟机官方网站: https://www.v ...

  7. CPU设计学习-流水线

    各种名词 标量流水线 超级流水线 超标量流水线与多发射技术 经典五级流水线 IF |Instruction Fetch,取指 ID |Instruction Decode,译码 EX |Execute ...

  8. 洛谷 P1781 宇宙总统:sort(string)

    题目描述 地球历公元6036年,全宇宙准备竞选一个最贤能的人当总统,共有n个非凡拔尖的人竞选总统,现在票数已经统计完毕,请你算出谁能够当上总统. 输入输出格式 输入格式: 第一行为一个整数n,代表竞选 ...

  9. 贵州省未来二十年的投资机会的探讨1>

    贵州的股市 1.000540.SZ 中天金融 2.000589.SZ 黔轮胎A 3.000733.SZ 振华科技 4.000851.SZ 高鸿股份 5.000920.SZ 南方汇通 6.002025. ...

  10. POJ 2986 A Triangle and a Circle(三角形和圆形求交)

    Description Given one triangle and one circle in the plane. Your task is to calculate the common are ...