Gentoo Forums
where is iptables log files?
bonito
Tux's lil' helper

Joined: 01 May 2002
Posts: 80

Posted: Tue Jun 18, 2002 7:18 pm    Post subject: where is iptables log files?

I was hoping to find some sort of error log for iptables in order to better understand what is going wrong with rules I am programming into it. I have looked all over and cannot find anything. Where in the Gentoo distribution are iptables log files stored? If I have to make them and set the machine to write to them manually, can someone explain how I would do this?

id10t
Tux's lil' helper

Joined: 18 May 2002
Posts: 100

Posted: Tue Jun 18, 2002 7:55 pm

Use gShield (muse.linuxmafia.org) - really easy to set up and configure. All of my iptables messages go to /var/log/messages
_________________
---
this space for rent

klieber
Administrator

Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Tue Jun 18, 2002 8:19 pm    Post subject: Re: where is iptables log files?

bonito wrote:
If I have to make them and set the machine to write to them manually can someone explain how I would do this?


Look at syslogd and syslog.conf. That will let you define separate log files for various apps.

--kurt
_________________
The problem with political jokes is that they get elected

trapni
Retired Dev

Joined: 16 May 2002
Posts: 251
Location: Germany/Berlin

Posted: Tue Jun 18, 2002 9:14 pm

Well, exactly that's what I'd like to have for iptables and scanlogd separately, so, could you please give me a quick'n'dirty example exact for RTFM me what such an entry would look like for syslog-ng?

iptables: /var/log/firewall/iptables
scanlogd: /var/log/firewall/scanlogd

And, btw, is it possible to split the output of iptables (by prefix of the LOG rule) into separate log files as well?

Thanks in advance,
Christian Parpart.

klieber
Administrator

Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Wed Jun 19, 2002 2:50 pm

Basically, you set up a "localX" log in syslog.conf where "X" is some number. Then, in your iptables script, you use '--log-level localX' to define where the log should go.

man syslog.conf
man syslogd

are two places to start. Also, try searching Google. It came up with this post among others.

--kurt
_________________
The problem with political jokes is that they get elected

bonito
Tux's lil' helper

Joined: 01 May 2002
Posts: 80

Posted: Wed Jun 19, 2002 5:46 pm    Post subject: my metalog.conf addition

OK, so here is what I have for my metalog addition:

Iptables :

facility = "local1"
minimum = 7
logdir = "/var/log/iptables"

If, after that, I set iptables conditions for logging under the --log-level local1, will it start logging all activity with iptables to that directory?

klieber
Administrator

Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Wed Jun 19, 2002 7:53 pm

Eh...not sure for metalog. I use plain old syslog.

Anyone else here a metalog guru?

--kurt
_________________
The problem with political jokes is that they get elected

bonito
Tux's lil' helper

Joined: 01 May 2002
Posts: 80

Posted: Wed Jun 19, 2002 8:04 pm

I just installed sysklogd (syslogd?) on my system. I removed metalog, and I can see some logging taking place in certain files. When I use the --log-level local3 after editing the syslog.conf file, it gives me the error message that local3 is an unrecognized log level.

trapni
Retired Dev

Joined: 16 May 2002
Posts: 251
Location: Germany/Berlin

Posted: Wed Jun 19, 2002 10:57 pm

Okay, I was googling for a while and found something really interesting for syslog-ng:

Code:
destination d_fw { file("/var/log/firewall"); };
filter f_fw { match("fw-"); };
log { source(kernsrc); filter(f_fw); destination(d_fw); };

This tiny add-on in my syslog-ng.conf puts all the netfilter messages logged with a prefix containing "fw-" into my special log file, /var/log/firewall. That's great!
You can filter any expression from any log input device and put it into a separate file for better analysis :)

Cheers,
Christian Parpart.
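
The prefix-based split from the post above, applied offline to an existing log such as /var/log/messages; this is an added example, not code from the thread. The `fw-drop` and `fw-scan` prefixes, the host name and the addresses are constructed, and `split_fw_log` and `write_sample` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: split netfilter LOG lines from a syslog file into one file
# per LOG prefix. Assumes rules log with a prefix starting "fw-", for example:
#   iptables -A INPUT -j LOG --log-prefix "fw-drop: " --log-level debug
# (--log-level takes a syslog priority; LOG output always uses facility kern.)

split_fw_log() {
    src=$1      # syslog file to read, e.g. /var/log/messages
    outdir=$2   # receives one <prefix>.log per prefix seen
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        # Kernel lines only, and only those carrying the netfilter field list.
        / kernel: / && / IN=[^ ]* OUT=/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=/) break           # prefix always precedes IN=
                # Restricting the charset keeps the name safe as a file name.
                if ($i ~ /^fw-[A-Za-z0-9_-]+:?$/) {
                    name = $i
                    sub(/:$/, "", name)
                    out = dir "/" name ".log"
                    print >> out
                    close(out)
                    break
                }
            }
        }
    ' "$src"
}

# Constructed sample lines (host name and addresses are made up).
write_sample() {
    cat <<'EOF'
Jun 19 22:41:07 gw kernel: fw-drop: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=23
Jun 19 22:41:09 gw kernel: fw-scan: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=111
Jun 19 22:41:10 gw sshd[411]: fw-drop: IN=x OUT= text from a userland daemon
Jun 19 22:41:12 gw kernel: eth0: link up
Jun 19 22:41:15 gw kernel: fw-drop: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=5353 DPT=53
EOF
}

# Demo: "sh thisfile demo" writes the sample and counts lines per prefix file.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && write_sample > "$tmp/messages" &&
        split_fw_log "$tmp/messages" "$tmp/out" && wc -l "$tmp"/out/*.log
fi
```

The sshd line is skipped even though it contains "fw-drop:", which mirrors what restricting the syslog-ng log statement to the kernel source achieves.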

rajl
Apprentice

Joined: 25 Sep 2002
Posts: 287

Posted: Wed May 14, 2003 11:05 pm

Having just read this post, I'm really confused. I'm using syslogd right now, but local3 is a facility, not a log level, so my iptables script gives me errors if I try to log traffic with a "--log-level local3" as has been recommended here.

Can anyone shed light on this issue? I really would like to be able to log my iptables data to a separate log file. I'm even willing to switch system loggers if someone can tell me to do it in another system logger other than plain old syslogd.
_________________
-Rajl

-----------------------------------------------------------
It's easy to be brave once you consider the alternatives.