Robert S Guru
Joined: 15 Aug 2004 Posts: 460 Location: Canberra Australia
|
Posted: Fri May 06, 2005 10:53 pm Post subject: How do I stop iptables logs going into dmesg? |
|
|
I have just installed iptables - I'm going to use it to block incoming connections (I've already got a hardware firewall). I use syslog-ng and currently all logs go into /var/log/messages. I want to keep iptables logs out of this file and out of dmesg. I've managed to get iptables logs out of /var/log/messages by using this rule:
iptables -A INPUT -i eth0 -m limit --limit 1/sec -j LOG --log-prefix "iptables "
and putting this into /etc/syslog-ng/syslog-ng.conf
options {
long_hostnames(off);
sync(0);
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };
destination iptables { file("/var/log/iptables.log"); };
filter f_iptables { match("iptables "); };
log { source(src); filter(f_iptables); destination(iptables); flags(final); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
All seems to be fine - the logs turn up into /var/log/iptables.log, but they still appear when I do "dmesg". How do I stop this??
P.S. Can anybody point me to a SIMPLE script to start up iptables? I don't need to do routing or NAT. Most of the "simple" ones around are horrifically complex. |
ikaro Advocate
Joined: 14 Jul 2003 Posts: 2527 Location: Denmark
|
Posted: Fri May 06, 2005 11:01 pm Post subject: |
|
|
Might be what you were asking, but with shorewall you can use ULOG in an easy way.
PS: remember to compile ulog in the kernel as well _________________ linux: #232767 |
Robert S Guru
Joined: 15 Aug 2004 Posts: 460 Location: Canberra Australia
|
Posted: Sat May 07, 2005 4:12 am Post subject: |
|
|
I'd like to keep it simple and avoid shorewall if possible. I'll have a little look at shorewall on a "test" machine however. |
Robert S Guru
Joined: 15 Aug 2004 Posts: 460 Location: Canberra Australia
|
Posted: Sat May 07, 2005 7:36 am Post subject: Fixed!! |
|
|
I've fixed it without using shorewall. It's very easy to configure and run ulogd. |
ikaro Advocate
Joined: 14 Jul 2003 Posts: 2527 Location: Denmark
|
Posted: Sat May 07, 2005 2:32 pm Post subject: |
|
|
You could post how you fixed it, usually it's good manners.
So the next person can find a solution by searching the forums. _________________ linux: #232767 |
Robert S Guru
Joined: 15 Aug 2004 Posts: 460 Location: Canberra Australia
|
Posted: Sun May 08, 2005 3:25 am Post subject: |
|
|
OK. Good thinking. It's so easy that it's almost not necessary to do this.
# emerge ulogd
# Edit /etc/ulogd.conf thus:
nlgroup 1
logfile /var/log/ulogd.log
loglevel 5
rmem 131071
bufsize 150000
plugin /usr/lib64/ulogd/ulogd_BASE.so
syslogfile /var/log/ulogd.syslogemu
syslogsync 1
plugin /usr/lib64/ulogd/ulogd_LOGEMU.so
dumpfile /var/log/ulogd.pktlog
pcapfile /var/log/ulogd.pcap
pcapsync 1
# Start it!
/etc/init.d/ulogd start
# That's all!! You can also send logs to mysql. I won't bother with this.
I'll get logrotate to rotate logs daily and will do a script which will report any output every day. I'd like to do something that doesn't just output lines of identical output, but prints each line of output and how many times it appeared. Suggestions??? |
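One way to produce the "each line and how many times it appeared" report asked about above, as an added example that is not part of the original post. It assumes the log lines carry the usual iptables KEY=value packet fields; the sample lines, the host name `gate`, the addresses and the choice of `KEY_FIELDS` are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Fields that define "the same event" (an assumption; adjust to taste).
# Per-packet values such as ID, SPT, SEQ, LEN and TTL are ignored, otherwise
# no two lines would ever compare equal.
KEY_FIELDS = ("IN", "SRC", "DST", "PROTO", "DPT")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def normalise(line):
    """Reduce one log line to its stable fields; None if it is not a packet line."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    return " ".join(f"{k}={fields[k]}" for k in KEY_FIELDS if k in fields)

def summarise(lines):
    """Return [(count, normalised_line), ...], most frequent first."""
    counts = Counter()
    for line in lines:
        key = normalise(line)
        if key is not None:
            counts[key] += 1
    # Descending count, then text, so the daily report has a stable order.
    return sorted(((n, k) for k, n in counts.items()), key=lambda t: (-t[0], t[1]))

# Constructed sample lines (documentation addresses), not real log output.
SAMPLE = """\
May  8 03:25:01 gate iptables IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4411 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN URGP=0
May  8 03:25:02 gate iptables IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4412 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 SYN URGP=0
May  8 03:25:09 gate iptables IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4420 DF PROTO=TCP SPT=40120 DPT=22 WINDOW=5840 SYN URGP=0
May  8 03:26:30 gate iptables IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=78 TTL=110 ID=911 PROTO=UDP SPT=5353 DPT=137 LEN=58
May  8 03:27:00 gate iptables IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=84 TTL=110 ID=912 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
May  8 03:30:00 gate some-daemon: a line without packet fields
""".splitlines()

if __name__ == "__main__":
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE
    for n, key in summarise(lines):
        print(f"{n:6d}  {key}")
```

Run from a daily cron job, it takes the log file as its argument, for example the `/var/log/ulogd.syslogemu` path set in the ulogd.conf above.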
Takk n00b
Joined: 27 Mar 2004 Posts: 12
|
Posted: Tue May 17, 2005 11:44 am Post subject: |
|
|
If you need a simple IPTables configuration file, try this site:
http://www.netfilter.org/documentation/index.html#documentation-howto
About the other thing, I'm building a PHP application that does iptables log analysis for my final graduation project. I'll place a copy on my homepage when finished. There are lots of good tools that do it so, but I don't remember any now. |
rogerx Tux's lil' helper
Joined: 06 Apr 2004 Posts: 118
|
Posted: Sun May 20, 2007 9:01 pm Post subject: |
|
|
This ulog tip should be incorporated into the Gentoo Shorewall Wiki ... if it really solves the shorewall logs > dmesg issue.
FYI: This *is* a faq concerning Shorewall. _________________ Roger
http://rogerx.freeshell.org/ |