Fedora Linux Support Community & Resources Center

#1 vjx, 3rd February 2005, 02:30 PM
iptables and syslog.conf help needed

I searched and searched on www.google.com/linux and I have read through a number of netfilter documents, but neither helped me out.

Problem: getting syslog to log netfilter events to a different file than the messages log file.

man syslog shows nothing about it, and all the netfilter documentation just says something like: "read the syslog manuals" <-- now that's not very helpful, dear gurus who make these 'excellent' guides/howtos/FAQs.

My messages logs on all my FC3 systems are not well organized/readable any more; I want to change this.

Last edited by vjx; 3rd February 2005 at 09:39 PM.

#2 Jman, 4th February 2005, 06:17 AM
Read
Code:
man syslog.conf
if you haven't already. I think those logs get output with the "kernel" facility, so you wouldn't be redirecting just netfilter logs.

#3 ghenry, 4th February 2005, 09:28 AM
You should have searched the netfilter mailing list archives:

https://lists.netfilter.org/pipermai...ry/041259.html
__________________
http://blog.suretecsystems.com

#4 Dog-One, 4th February 2005, 01:54 PM
I'm doing just what you want on my firewall. Hang tight I'll pull up the relevant info.
__________________
Please give credit where credit is due--say thanks in the active thread.
Refresh yourself with the Posting Guidelines........Frequently Asked Questions........Registered Linux User #369513

#5 Dog-One, 4th February 2005, 02:00 PM
Okay, the first thing I did is to add
Code:
kern.debug                                              /var/log/kerndbug
to my /etc/syslog.conf file. You could name the file whatever you want; I chose kerndbug because it's possible I could see other kernel related messages in there as well as my iptables log entries.

The next thing I did was to explicitly define my log rules with iptables. Here's an example
Code:
iptables -A VDROP -j LOG --log-ip-options --log-tcp-options --log-level debug --log-prefix "VFLAG "
The log-prefix option with the quoted parameter following makes it very easy to inspect the log file and know what rule generated the entry.

#6 Dog-One, 4th February 2005, 02:04 PM
One other note:

You may want to modify logrotate to deal with the added log file. I set my /etc/logrotate.d/syslog file like this
Code:
/var/log/messages /var/log/kerndbug /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
which includes the additional /var/log/kerndbug file.
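
Added example, not part of Dog-One's posts: since `kern.debug` sends every kernel message to /var/log/kerndbug, the `--log-prefix` string is what separates the iptables entries from the rest. The script below keeps only lines carrying the "VFLAG " prefix and counts them per source address, protocol and destination port; the function names, sample log lines and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull the iptables LOG entries for one --log-prefix out of a
# kern.debug file that also holds unrelated kernel messages.

# Write a small constructed sample log (addresses are documentation ranges).
write_sample_log() {
    cat > "$1" <<'EOF'
Feb  4 14:01:12 fw kernel: VFLAG IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Feb  4 14:01:13 fw kernel: eth0: link up, 100Mbps, full-duplex
Feb  4 14:01:15 fw kernel: VFLAG IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
Feb  4 14:02:40 fw kernel: VFLAG IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=78 TTL=110 PROTO=UDP SPT=1026 DPT=137
Feb  4 14:03:02 fw kernel: OTHER IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=40 TTL=110 PROTO=TCP SPT=1027 DPT=445 SYN URGP=0
Feb  4 14:03:09 fw kernel: VFLAG IN=eth0 OUT= SRC=198.51.100.200 DST=198.51.100.5 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# netfilter_summary FILE PREFIX
# Prints "COUNT SRC PROTO DPT" per flow, most frequent first. Assumes the
# prefix directly follows "kernel: " (no kernel timestamps in the line).
# ICMP entries have no DPT field, so "-" is printed in that column.
netfilter_summary() {
    awk -v pfx="$2" '
        {
            if (index($0, "kernel: " pfx) == 0) next
            src = proto = ""; dpt = "-"
            for (f = 1; f <= NF; f++) {
                if ($f ~ /^SRC=/)   src = substr($f, 5)
                if ($f ~ /^PROTO=/) proto = substr($f, 7)
                if ($f ~ /^DPT=/)   dpt = substr($f, 5)
            }
            if (src != "") n[src " " proto " " dpt]++
        }
        END { for (k in n) print n[k], k }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample.
sample=$(mktemp) && write_sample_log "$sample"
netfilter_summary "$sample" "VFLAG "
rm -f "$sample"
```

On a live firewall the first argument would be the file named in syslog.conf, for example /var/log/kerndbug.
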

#7 tuubaaku, 25th February 2005, 06:45 PM
I've been looking at this problem as well, and it looks like syslog-ng is a good solution. It lets you log only iptables logs to a certain file. Check it out here: http://www.balabit.com/products/syslog-ng/.