http://www.networkinghowtos.com/howto/change-the-iptables-log-file/

 
 

An important aspect of any firewall are the log files. Iptables on Linux provides logging functionality, however by default, it will get outputted to the /var/log/messages log file. This can clutter things up, and make it hard to check the logs.

If you want to change the file that IPTables logs to, you need to set up your iptables rules to output a log prefix. Rsyslog will then be configured to pick up this prefix, and output the information to a custom log file, containing just the iptables log information.

Install rsyslog if it is not already installed.

$ sudo apt-get install -y rsyslog

Configure your iptables firewall rules to output a log prefix using the –log-prefix command:

$ sudo iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "iptables: "

(this will log connection attempts to the SSH port)

Next you need to configure rsyslog to pickup the iptables log prefix.

Create an empty rsyslog conf file for iptables.

$ sudo touch /etc/rsyslog.d/10-iptables.conf

Open this file up in a file editor.

$ sudo nano /etc/rsyslog.d/10-iptables.conf

Add the following two lines:

:msg, contains, "iptables: " -/var/log/iptables.log

& ~

Save the file and exit the editor.

The first line checks the log data for the word “iptables: ” and appends it into the /var/log/iptables.log file.

The second line simply halts the processing of the log information, so that it doesnt get logged into /var/log/messages as well as the iptables.log file.

Restart rsyslog:

$ sudo service rsyslog restart

The logs should now be appearing in /var/log/iptables.log

You can verify this by tailing the log file:

$ tail -f /var/log/iptables.log

Try and connect to SSH from another machine, and you should see a log entry get created, and appear on the screen automatically.

Eg:

$ tail -f /var/log/iptables.log

Feb 20 23:27:11 ubuntu kernel: [1988916.899165] iptables: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:

00:00:00:00:00:00:00 SRC=192.168.0.3 DST=192.168.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30541

DF PROTO=TCP SPT=60148 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Close the ‘tail’ program using Ctrl+c.

Change the IPTables log file的更多相关文章

  1. ORACLE等待事件: log file parallel write

    log file parallel write概念介绍 log file parallel write 事件是LGWR进程专属的等待事件,发生在LGWR将日志缓冲区(log_buffer)中的重做日志 ...

  2. Managing IIS Log File Storage

    Managing IIS Log File Storage   You can manage the amount of server disk space that Internet Informa ...

  3. bdb log file 预设长度的性能优化

    看代码随手记:log_put.c, __log_write() /* * If we're writing the first block in a log file on a filesystem ...

  4. mysql从库Last_IO_Error: Got fatal error 1236 from master when reading data from binary log: 'Could not find first log file name in binary log index file'报错处理

    年后回来查看mysql运行状况与备份情况,登录mysql从库查看主从同步状态 mysql> show slave status\G; *************************** . ...

  5. 完全揭秘log file sync等待事件-转自itpub

    原贴地址:http://www.itpub.net/thread-1777234-1-1.html   谢谢 guoyJoe 老大 这里先引用一下tanel poder大师的图: 什么是log fil ...

  6. 'Could not find first log file name in binary log index file'的解决办法

    数据库主从出错: Slave_IO_Running: No 一方面原因是因为网络通信的问题也有可能是日志读取错误的问题.以下是日志出错问题的解决方案: Last_IO_Error: Got fatal ...

  7. Oracle 联机重做日志文件(ONLINE LOG FILE)

    --========================================= -- Oracle 联机重做日志文件(ONLINE LOG FILE) --================== ...

  8. Got fatal error 1236 from master when reading data from binary log: 'Could not find first log file name in binary log index file'

    setup slave from backup i got error Got fatal error 1236 from master when reading data from binary l ...

  9. oracle之 等待事件LOG FILE SYNC (awr)优化

    log file sycn是ORACLE里最普遍的等待事件之一,一般log file sycn的等待时间都非常短 1-5ms,不会有什么问题,但是一旦出问题,往往都比较难解决.什么时候会产生log f ...

随机推荐

  1. selenium,unittest——自动化执行多个py文件脚本并生成报告

    将多个py文件的自动化脚本顺序运行,并生成报告,运行run_all_case后会自动运行文件内所有test开头的py文件并在指定文件夹report生成由脚本时间命名的报告 脚本执行后结果: 生成报告并 ...

  2. 第三篇 JavaScript基础

    知识预览 BOM对象 DOM对象(DHTML) 实例练习 转:https://www.cnblogs.com/yuanchenqi/articles/5980312.html#_label2 一.Ja ...

  3. Java 语法基础

    一 关键字 关键字: 其实就是某种语言赋予了特殊含义的单词 保留字: 其实就是还没有赋予特殊含义 但是准备日后要使用过的单词 二 标示符 标示符: 其实就是在程序中自定义的名词 比如类名, 变量名, ...

  4. 使用getid3获取音频文件信息

    今天有个需求,在上传音频文件时候自动获取音频的秒数,和大家分享一下. 首先把getid3的包下载下来 链接:https://pan.baidu.com/s/1Qmdj-I4boz9Sm9GFsON0D ...

  5. 【循环控制器】-(针对中间部分要循环的场景,相当于loadrunner的action部分)

    一般使用 setup线程组 + teardown组 针对中间要循环的部分   使用循环处理器    单独循环中间的部分,相当于loadrunner的action部分

  6. spring boot 下使用@ConponentScan注解遇到的问题

    问题描述 如果你心急看结果,请直接到本文末尾 今天使用了注解操作spring boot,一开始程序无法启动,提示无法找到一个注解注入的类,查询网上,有人说使用@ConponetScan注解,可以指定需 ...

  7. java常见的异常类型

    Exception分为两类:非运行是异常和运行时异常. java编译器要求方法必须声明抛出可能发生的非运行时异常,但是并不要求必须声明抛出未被捕获的运行时异常.A:NullPointerExcepti ...

  8. Cortex-M3(NXP LPC 1788) 启动代码

    startup_LPC177x_8x.s启动代码分析. 参考资料: Cortex-M3 (NXP LPC1788)之启动代码分析 ARM启动过程(Cortex-M3 NXP LPC1768为例) ;/ ...

  9. POJ 1739 Tony's Tour(插头DP)

    Description A square township has been divided up into n*m(n rows and m columns) square plots (1< ...

  10. vue学习笔记之:为何data是一个方法

    vue学习笔记之:为何data是一个方法 在vue开发中,我们可以发现,data中的属性值是在function中return出来的.可为何data必须是一个函数呢?我们先看官方的解释: 当一个组件被定 ...