http://www.networkinghowtos.com/howto/change-the-iptables-log-file/

 
 

An important aspect of any firewall are the log files. Iptables on Linux provides logging functionality, however by default, it will get outputted to the /var/log/messages log file. This can clutter things up, and make it hard to check the logs.

If you want to change the file that IPTables logs to, you need to set up your iptables rules to output a log prefix. Rsyslog will then be configured to pick up this prefix, and output the information to a custom log file, containing just the iptables log information.

Install rsyslog if it is not already installed.

$ sudo apt-get install -y rsyslog

Configure your iptables firewall rules to output a log prefix using the –log-prefix command:

$ sudo iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "iptables: "

(this will log connection attempts to the SSH port)

Next you need to configure rsyslog to pickup the iptables log prefix.

Create an empty rsyslog conf file for iptables.

$ sudo touch /etc/rsyslog.d/10-iptables.conf

Open this file up in a file editor.

$ sudo nano /etc/rsyslog.d/10-iptables.conf

Add the following two lines:

:msg, contains, "iptables: " -/var/log/iptables.log

& ~

Save the file and exit the editor.

The first line checks the log data for the word “iptables: ” and appends it into the /var/log/iptables.log file.

The second line simply halts the processing of the log information, so that it doesnt get logged into /var/log/messages as well as the iptables.log file.

Restart rsyslog:

$ sudo service rsyslog restart

The logs should now be appearing in /var/log/iptables.log

You can verify this by tailing the log file:

$ tail -f /var/log/iptables.log

Try and connect to SSH from another machine, and you should see a log entry get created, and appear on the screen automatically.

Eg:

$ tail -f /var/log/iptables.log

Feb 20 23:27:11 ubuntu kernel: [1988916.899165] iptables: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:

00:00:00:00:00:00:00 SRC=192.168.0.3 DST=192.168.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30541

DF PROTO=TCP SPT=60148 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Close the ‘tail’ program using Ctrl+c.

Change the IPTables log file的更多相关文章

  1. ORACLE等待事件: log file parallel write

    log file parallel write概念介绍 log file parallel write 事件是LGWR进程专属的等待事件,发生在LGWR将日志缓冲区(log_buffer)中的重做日志 ...

  2. Managing IIS Log File Storage

    Managing IIS Log File Storage   You can manage the amount of server disk space that Internet Informa ...

  3. bdb log file 预设长度的性能优化

    看代码随手记:log_put.c, __log_write() /* * If we're writing the first block in a log file on a filesystem ...

  4. mysql从库Last_IO_Error: Got fatal error 1236 from master when reading data from binary log: 'Could not find first log file name in binary log index file'报错处理

    年后回来查看mysql运行状况与备份情况,登录mysql从库查看主从同步状态 mysql> show slave status\G; *************************** . ...

  5. 完全揭秘log file sync等待事件-转自itpub

    原贴地址:http://www.itpub.net/thread-1777234-1-1.html   谢谢 guoyJoe 老大 这里先引用一下tanel poder大师的图: 什么是log fil ...

  6. 'Could not find first log file name in binary log index file'的解决办法

    数据库主从出错: Slave_IO_Running: No 一方面原因是因为网络通信的问题也有可能是日志读取错误的问题.以下是日志出错问题的解决方案: Last_IO_Error: Got fatal ...

  7. Oracle 联机重做日志文件(ONLINE LOG FILE)

    --========================================= -- Oracle 联机重做日志文件(ONLINE LOG FILE) --================== ...

  8. Got fatal error 1236 from master when reading data from binary log: 'Could not find first log file name in binary log index file'

    setup slave from backup i got error Got fatal error 1236 from master when reading data from binary l ...

  9. oracle之 等待事件LOG FILE SYNC (awr)优化

    log file sycn是ORACLE里最普遍的等待事件之一,一般log file sycn的等待时间都非常短 1-5ms,不会有什么问题,但是一旦出问题,往往都比较难解决.什么时候会产生log f ...

随机推荐

  1. JDK11安装后,环境变量的坑

    安装了最新的JDK11,安装完后设置环境变量,打开CMD,没生效 检查了3遍,都没发现问题,在PATH中将JAVA设置移到第一也不行 最后偶然发现,在点击如图右下的‘编辑文本’,用文本方式编辑时,发现 ...

  2. JMeter 录制APP脚本

    具体步骤: 1.启动JMeter: 2.在“测试计划”中添加“线程组”: 3.“工作台”中添加“HTTP代理服务器”: 4.配置代理服务器:端口:8888(默认值),HTTPS Domains:192 ...

  3. Python递归算法入门

    递归是一种算法,它在编程里面有着广泛的应用: 1. 递归必须满足哪两个基本条件? 一.函数调用自身 二.设置了正确的返回条件 2. 思考一下,按照递归的特性,在编程中有没有不得不使用递归的情况? 答: ...

  4. linux系统简单命令

    # uname -a # 查看内核/操作系统/CPU信息 # head -n 1 /etc/issue # 查看操作系统版本 # cat /proc/cpuinfo # 查看CPU信息 # hostn ...

  5. 数据库Mysql的学习(二)-数据类型和创建

    数据类型:数据列,存储过程参数,表达式和局部变量的数据特征. 整形: tinyint:一个字节,-128到127:2的7次方 smallint:两个字节,-32768到32767:2的15次方 med ...

  6. 网页性能管理详解:浅谈chrome-Timeline及window.requestAnimationFrame()方法

    你遇到过性能很差的网页吗? 这种网页响应非常缓慢,占用大量的CPU和内存,浏览起来常常有卡顿,页面的动画效果也不流畅. 你会有什么反应?我猜想,大多数用户会关闭这个页面,改为访问其他网站.作为一个开发 ...

  7. 机器学习-聚类Clustering

    简介 前面介绍的线性回归,SVM等模型都是基于数据有标签的监督学习方法,本文介绍的聚类方法是属于无标签的无监督学习方法.其他常见的无监督学习还有密度估计,异常检测等. 聚类就是对大量未知标注的数据集, ...

  8. c# 批量处理数据录入

    c# 分批处理数据录入 //using System.Text; //using System.Data; //using System.Data.SqlClient; //using System; ...

  9. MyBatis传入参数为list、数组、map写法(转载)

    MyBatis传入参数为list.数组.map写法 1.foreach简单介绍: foreach的主要用在构建in条件中,它可以在SQL语句中进行迭代一个集合. foreach元素的属性主要有item ...

  10. 【week6】约跑App视频链接

    约跑视频链接发布在优酷,链接如下: http://v.youku.com/v_show/id_XMTc3NTcyNTcyNA==.html 秒拍视频连接: http://www.miaopai.com ...