vBulletin Search Engine Optimization
Hi all,

I am looking for a clean way to log firewall iptables messages on Slackware 10.0.

For now I use the following syslog.conf to redirect debug messages to the firewall log:

kern.*;kern.!=debug -/var/log/syslog
kern.=debug -/var/log/firewall

but this also includes miscellaneous other kernel debug messages I want to keep in the standard /var/log/debug log file.

So my question is "will I be condemned to use ulogd?"

Best regards
--
Laurent
Remove -mux to email me
Laurent wrote:
> Hi all,
>
> I am looking for a clean way to log firewall iptables messages on
> Slackware 10.0.
>
> For now I use the following syslog.conf to redirect debug messages to
> firewall log :
> kern.*;kern.!=debug -/var/log/syslog
> kern.=debug -/var/log/firewall
> but this also includes miscellaneous other kernel debug messages I want to
> keep in standard /var/log/debug log file.
>
> So my question is "will I be condemned to use ulogd?"
>
> Best regards

I would suggest you look into fireparse (http://aaron.marasco.com/linux.html). You could use its advanced features to sort, analyze, and make some nice HTML output of your firewall, or just stick with the basics and have it automatically pull all firewall-related things from the syslog into a separate firewall.log. To use it, you just have to make your iptables rules log in the fireparse format, such as:

$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
    --log-prefix "fp=bad_tcp_packets:1 a=DROP "

--
alex
On Sun, 27 Nov 2005 13:06:38 +0000, alex wrote:
> Laurent wrote:
>
>> Hi all,
>>
>> I am looking for a clean way to log firewall iptables messages on
>> Slackware 10.0.
>>
>> For now I use the following syslog.conf to redirect debug messages to
>> firewall log :
>> kern.*;kern.!=debug -/var/log/syslog
>> kern.=debug -/var/log/firewall
>> but this also includes miscellaneous other kernel debug messages I want to
>> keep in standard /var/log/debug log file.
>>
>> So my question is "will I be condemned to use ulogd?"
>>
>> Best regards
>>
>
> I would suggest you look into fireparse (http://aaron.marasco.com/linux.html).
> You could use its advanced features to sort, analyze, and make some
> nice HTML output of your firewall, or just stick with the basics and have
> it automatically pull all firewall-related things from the syslog into a
> separate firewall.log. To use it, you just have to make your iptables
> rules log in the fireparse format, such as:
>
> $IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
>     --log-prefix "fp=bad_tcp_packets:1 a=DROP "

OK, thank you Alex, I am checking the script.

See U
--
Laurent
Remove -mux to email me
Laurent wrote:
> Hi all,
>
> I am looking for a clean way to log firewall iptables messages on
> Slackware 10.0.
>
> For now I use the following syslog.conf to redirect debug messages to
> firewall log :
> kern.*;kern.!=debug -/var/log/syslog
> kern.=debug -/var/log/firewall
> but this also includes miscellaneous other kernel debug messages I want to
> keep in standard /var/log/debug log file.
>
> So my question is "will I be condemned to use ulogd?"
>
> Best regards

What's wrong with using ulogd? If I understand the netfilter changes [1] that have gone into 2.6.14, the userspace logging is going to more or less be the standard for iptables in the future, although it will retain the capability to log via syslog.

[1] Bear in mind that it's quite possible for me to *not* fully understand the 2.6.14 changes to netfilter.

RW
--
http://rlworkman.net
Laurent wrote:
> I am looking for a clean way to log firewall iptables messages on
> Slackware 10.0.
>
> For now I use the following syslog.conf to redirect debug messages to
> firewall log :
> kern.*;kern.!=debug -/var/log/syslog
> kern.=debug -/var/log/firewall
> but this also includes miscellaneous other kernel debug messages I want to
> keep in standard /var/log/debug log file.
>
> So my question is "will I be condemned to use ulogd?"

IIRC, with the stock syslog.conf in Slack 10.0, iptables' log messages do go to /var/log/syslog.

Mikhail
On 27 Nov 2005 10:39:05 -0800, "Mikhail Zotov" <muxaul@lenta.ru> wrote:
> IIRC, with the stock syslog.conf in Slack 10.0,
> iptables' log messages do go to /var/log/syslog.

Depends on the iptables logging command used. In my setup with 2.4.32:

a) sample Internet noise to /var/log/messages:

MLIMIT="--match limit --limit"
....
# data collection, sample what we're dropping?
iptables -A INPUT -p all $MLIMIT 6/min --limit-burst 6 \
    -j LOG --log-level info --log-prefix "InpDrop: "
           ^^^^^^^^^^^^^^^^
                   `--> to /var/log/messages

b) /var/log/debug for forwarding failures:

# data collection, check what we're dropping
iptables -A FORWARD -p all \
    -j LOG --log-level debug --log-prefix "ForDrop: "
           ^^^^^^^^^^^^^^^^^
                   `--> to /var/log/debug

ipfilter (iptables) in the 2.6 series has too many bugs turning up to trust; see the changelog for the latest stable 2.6.14.3, much of it is iptables repair.

Grant.
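What Alex's fireparse suggestion and Grant's prefixed LOG rules both rely on is that a netfilter LOG line can be told apart from other kernel messages by its content, something sysklogd's facility.priority selectors cannot do on their own. As an added example that is not part of the thread or of fireparse, here is a small parser that pulls such records out of constructed syslog lines and leaves ordinary kernel messages behind; the "InpDrop: "/"ForDrop: " prefixes and the fireparse "fp=chain:rule a=ACTION " prefix come from the posts above, while the sample lines, addresses and function names are assumptions.

```python
import re

# Constructed sample syslog lines (not from the thread): two iptables LOG
# lines with the "InpDrop: "/"ForDrop: " prefixes, one in the fireparse
# "fp=<chain>:<rule> a=<action> " prefix style, and one unrelated kernel
# message that must stay out of the firewall log.
SAMPLE_SYSLOG = """\
Nov 27 13:06:38 gw kernel: InpDrop: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=45321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 27 13:06:40 gw kernel: usb 1-1: new full speed USB device using uhci_hcd and address 2
Nov 27 13:06:41 gw kernel: fp=bad_tcp_packets:1 a=DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=12345 PROTO=TCP SPT=80 DPT=1024 WINDOW=1024 RES=0x00 ACK URGP=0
Nov 27 13:06:42 gw kernel: ForDrop: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
"""

# A netfilter LOG record is the kernel message whose key=value block starts
# at "IN="; whatever precedes it is the --log-prefix text.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>.*?)(?P<fields>IN=.*)$"
)

def parse_firewall_line(line):
    """Return a dict for an iptables LOG line, or None for any other message."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "prefix": m.group("prefix").strip(), "flags": []}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            rec.setdefault(key, val)   # first ID= is the IP header, not the ICMP id
        else:
            rec["flags"].append(tok)   # bare tokens such as DF, SYN, ACK
    # fireparse-style prefixes carry the chain:rule and the action as k=v tags
    for tag in rec["prefix"].split():
        if tag.startswith("fp="):
            rec["fp_chain"], _, rec["fp_rule"] = tag[3:].partition(":")
        elif tag.startswith("a="):
            rec["fp_action"] = tag[2:]
    return rec

def split_syslog(text):
    """Separate firewall records from everything else, as fireparse does."""
    firewall, other = [], []
    for line in text.splitlines():
        rec = parse_firewall_line(line)
        if rec:
            firewall.append(rec)
        else:
            other.append(line)
    return firewall, other
```

Run over a real /var/log/syslog, the `firewall` list is what would be written to a separate firewall.log and the `other` list is what stays in the regular kernel log.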
On Sun, 27 Nov 2005 09:13:50 -0600, Robby Workman wrote:
> Laurent wrote:
>> Hi all,
>>
>> I am looking for a clean way to log firewall iptables messages on
>> Slackware 10.0.
>>
>> For now I use the following syslog.conf to redirect debug messages to
>> firewall log :
>> kern.*;kern.!=debug -/var/log/syslog
>> kern.=debug -/var/log/firewall
>> but this also includes miscellaneous other kernel debug messages I want to
>> keep in standard /var/log/debug log file.
>>
>> So my question is "will I be condemned to use ulogd?"
>>
>> Best regards
>>
>
> What's wrong with using ulogd? If I understand the netfilter changes
> [1] that have gone into 2.6.14, the userspace logging is going to more
> or less be the standard for iptables in the future, although it will
> retain the capability to log via syslog.
>
> [1] Bear in mind that it's quite possible for me to *not* fully
> understand the 2.6.14 changes to netfilter.
>
> RW

Well, for now I would prefer to keep the system "as Slack as possible"! I mean I prefer using the stable 2.4 kernel. So I will probably wait until the 2.6 kernel is released (too many changes for my old and stable system)!
--
Laurent
Remove -mux to email me