Roxxor Apprentice
Joined: 04 Jun 2003 Posts: 225 Location: Stockholm, Sweden
Posted: Fri Jun 10, 2005 7:42 pm Post subject: configure syslog-ng to log iptables to /var/log/iptables |
Hi!
I have an iptables firewall. I want my logger, Syslog-ng, to log to /var/log/iptables.
I have done this:
syslog-ng.conf
Code: |
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.5 2005/05/12 05:46:10 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett
options {
chain_hostnames(off);
sync(0);
# The default action of syslog-ng 1.6.0 is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
destination d_fwall { file("/var/log/iptables.log"); };
filter f_fwall {
match("Iptables:");
};
log { source(src); filter(f_fwall); destination(d_fwall); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
|
And my firewall script starts with the line
Code: |
$IPT -A INPUT -j LOG --log-prefix "Iptables: " |
Is that correct, or shall it end with that line? |
TheX Guru
Joined: 31 Jul 2004 Posts: 349 Location: .de
Posted: Fri Jun 10, 2005 9:46 pm Post subject: |
In my firewall script there is a part in the middle like this:
Code: |
iptables -N DROPl 2> /dev/null
iptables -A DROPl -j LOG --log-prefix 'DROPl:'
iptables -A DROPl -j DROP
iptables -N REJECTl 2> /dev/null
iptables -A REJECTl -j LOG --log-prefix 'REJECTl:'
iptables -A REJECTl -j REJECT |
I made it a year ago, so I'm not so familiar with those iptables rules.
Everything was logged to /var/log/messages (except those > /dev/null lines).
I think, with a good firewall script which drops its output to a file, you could solve your prob.
TheX |
tutaepaki Apprentice
Joined: 11 Nov 2003 Posts: 279 Location: New Zealand
Posted: Fri Jun 10, 2005 11:45 pm Post subject: |
What exactly is the problem? That config should work. (Although your iptables messages should go to both locations with this configuration.) |
|
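Added example, not part of any post in this thread: a small Python model of how the three log statements in the posted syslog-ng.conf are evaluated in order, showing why a line carrying the "Iptables: " prefix lands in all three destinations and why a line with a different prefix such as 'DROPl:' never reaches /var/log/iptables.log. The `with_final` variant assumes syslog-ng's `flags(final);` is added to the filtered log statement; the sample messages are constructed.

```python
import re

# Log statements from the posted syslog-ng.conf, in file order:
# (filter regex or None when the statement has no filter, destination, final flag)
POSTED = [
    (r"Iptables:", "/var/log/iptables.log", False),
    (None, "/var/log/messages", False),
    (None, "/dev/tty12", False),
]

def with_final(paths):
    """Assumed variant (not from the thread): add flags(final) to every
    filtered log statement, so a match ends processing for that message."""
    return [(flt, dest, flt is not None) for flt, dest, _ in paths]

def route(message, paths):
    """Return the destinations a message reaches when the log statements
    are evaluated top to bottom."""
    reached = []
    for flt, dest, final in paths:
        if flt is not None and not re.search(flt, message):
            continue  # filter present and not matched: statement skipped
        reached.append(dest)
        if final:
            break  # flags(final): later log statements never see it
    return reached

# Constructed sample messages (documentation addresses, not real traffic).
FW_LINE = ("Iptables: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 "
           "LEN=60 TTL=54 PROTO=TCP SPT=40000 DPT=22 SYN")
DROP_LINE = "DROPl:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP DPT=53"
SSHD_LINE = "Server listening on 0.0.0.0 port 22."

def demo():
    """Routing result for each sample line under both configurations."""
    out = {}
    for name, paths in (("posted", POSTED), ("final", with_final(POSTED))):
        for label, line in (("fw", FW_LINE), ("drop", DROP_LINE), ("sshd", SSHD_LINE)):
            out[(name, label)] = route(line, paths)
    return out

if __name__ == "__main__":
    for key, dests in demo().items():
        print(key, "->", dests)
```

In the configuration file itself the modelled variant corresponds to `log { source(src); filter(f_fwall); destination(d_fwall); flags(final); };`, kept ahead of the unfiltered log statements.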
Roxxor Apprentice
Joined: 04 Jun 2003 Posts: 225 Location: Stockholm, Sweden
Posted: Sat Jun 11, 2005 9:20 am Post subject: |
I got it working yesterday.
But is the line
Code: |
iptables -A INPUT -j LOG --log-prefix "Iptables: " |
enough to see all attacks in the log file?
Or what else do I need? |