http://www.networkinghowtos.com/howto/change-the-iptables-log-file/


An important aspect of any firewall is its log files. Iptables on Linux provides logging functionality, but by default its log messages are written to the /var/log/messages log file, mixed in with everything else. This clutters that file and makes the firewall logs hard to review.

If you want to change the file that iptables logs to, you need to set up your iptables rules to output a log prefix. Rsyslog is then configured to match that prefix and write the matching messages to a custom log file containing just the iptables log information.

Install rsyslog if it is not already installed.

$ sudo apt-get install -y rsyslog

Configure your iptables firewall rules to output a log prefix using the --log-prefix option of the LOG target:

$ sudo iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "iptables: "

(this will log new connection attempts, i.e. TCP SYN packets, to the SSH port)

Next you need to configure rsyslog to pick up the iptables log prefix.

Create an empty rsyslog conf file for iptables.

$ sudo touch /etc/rsyslog.d/10-iptables.conf

Open this file up in a file editor.

$ sudo nano /etc/rsyslog.d/10-iptables.conf

Add the following two lines:

:msg, contains, "iptables: " -/var/log/iptables.log
& ~

Save the file and exit the editor.

The first line matches any message containing the string "iptables: " and appends it to the /var/log/iptables.log file. The leading "-" in front of the file name tells rsyslog not to sync the file after every write, which is the usual setting for a high-volume log.

The second line simply discards the message after that first action, so that it doesn't get logged into /var/log/messages as well as the iptables.log file. ("~" is the legacy discard action; newer rsyslog versions also accept "& stop" here.)

Restart rsyslog:

$ sudo service rsyslog restart

The logs should now be appearing in /var/log/iptables.log.

You can verify this by tailing the log file:

$ tail -f /var/log/iptables.log

Try to connect to SSH from another machine, and you should see a log entry get created and appear on the screen automatically.

Eg:

$ tail -f /var/log/iptables.log
Feb 20 23:27:11 ubuntu kernel: [1988916.899165] iptables: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.0.3 DST=192.168.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30541 DF PROTO=TCP SPT=60148 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Close the 'tail' program using Ctrl+C.
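Once the entries land in their own file, they are easy to process. The following is an added example, not code from the original article: a small Python parser for the /var/log/iptables.log lines shown above. It keeps only messages carrying the "iptables: " prefix (the same filter rsyslog applies), splits the kernel's key=value fields and bare flags, and counts SYN attempts to port 22 per source address. The sample log lines are constructed for the example.

```python
from collections import Counter

# Constructed sample lines in the format written by the LOG target above.
# The last line is an ordinary sshd message without the prefix and must be ignored.
SAMPLE_LOG = """\
Feb 20 23:27:11 ubuntu kernel: [1988916.899165] iptables: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.0.3 DST=192.168.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30541 DF PROTO=TCP SPT=60148 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 23:27:14 ubuntu kernel: [1988919.101002] iptables: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.0.3 DST=192.168.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30542 DF PROTO=TCP SPT=60149 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 23:28:02 ubuntu kernel: [1988967.333000] iptables: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.0.7 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=111 DF PROTO=TCP SPT=41000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 20 23:28:05 ubuntu sshd[1234]: Accepted publickey for alice from 192.168.0.7 port 41000 ssh2
"""

LOG_PREFIX = "iptables: "  # must match the --log-prefix used in the LOG rule


def parse_line(line, prefix=LOG_PREFIX):
    """Return a dict of the netfilter fields in one log line, or None when the
    line does not carry the prefix. 'KEY=VALUE' tokens map to strings (an empty
    value such as OUT= becomes ""), bare flags such as DF or SYN map to True."""
    idx = line.find(prefix)
    if idx < 0:
        return None
    fields = {}
    for token in line[idx + len(prefix):].split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True
    return fields


def syn_counts(lines, dport="22"):
    """Count TCP SYN packets per source address aimed at the given port."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)
        if not fields:
            continue
        if (fields.get("PROTO") == "TCP" and fields.get("DPT") == dport
                and fields.get("SYN") is True):
            counts[fields["SRC"]] += 1
    return counts


def noisy_sources(counts, threshold=2):
    """Return the sources whose SYN count reached the threshold, busiest first."""
    return [src for src, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("/var/log/iptables.log") on a real host.
    totals = syn_counts(SAMPLE_LOG.splitlines())
    for src, n in totals.most_common():
        print(f"{src}: {n} SYN to port 22")
    print("over threshold:", noisy_sources(totals))
```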
