iptables:log_firewall_messages_to_a_separate_file

Differences

This shows you the differences between two versions of the page.


iptables:log_firewall_messages_to_a_separate_file [2016/10/07 23:38] – created peter
iptables:log_firewall_messages_to_a_separate_file [2019/11/29 17:40] (current) – removed peter
Line 1: Line 1:
-====== IPTables - Log firewall messages to a separate file ====== 
- 
-Issue the following command: 
- 
-<code bash> 
-sudo vi /etc/rsyslog.d/50-default.conf 
-</code> 
- 
-and comment out the following lines near the bottom of the file by placing a hash # mark in front: 
- 
-<file bash /etc/rsyslog.d/50-default.conf> 
-daemon.*;mail.*;\ 
-news.err;\ 
-*.=debug;*.=info;\ 
-*.=notice;*.=warn |/dev/xconsole 
-</file> 
- 
-to 
- 
-<file bash /etc/rsyslog.d/50-default.conf> 
-#daemon.*;mail.*;\ 
-# news.err;\ 
-# *.=debug;*.=info;\ 
-# *.=notice;*.=warn |/dev/xconsole 
-</file> 
- 
-There is a bug in the default installation, in that on a server no /dev/xconsole exists. 
- 
-Therefore this entire section if commented out. 
- 
-Issue the following command: 
- 
-<code bash> 
-sudo vi /etc/rsyslog.d/20-iptables.conf 
-</code> 
- 
-and add the following lines to the file: 
- 
-<file bash /etc/rsyslog.d/20-iptables.conf> 
-# Log kernel generated iptable log messages to file 
-:msg,contains,"iptables: " /var/log/iptables.log 
-# Uncomment the following to stop logging anything that matches the last rule. 
-# Doing this will stop logging kernel generated iptables log messages to the file 
-# normally containing kern.* messages (eg, /var/log/kern.log) 
-& ~ 
-</file> 
- 
-This logs all firewall related messages to /var/log/iptables.log. 
- 
- 
-===== Prevent the logfile getting to big ===== 
- 
-Issue the following command: 
- 
-<code bash> 
-sudo vi /etc/logrotate.d/iptables 
-</code> 
- 
-and add the following lines to the file: 
- 
-<file bash /etc/logrotate.d/iptables> 
-/var/log/iptables.log 
-{ 
-    rotate 3 
-    daily 
-    missingok 
-    notifempty 
-    delaycompress 
-    compress 
-    postrotate 
-        /usr/sbin/service rsyslog restart > /dev/null 
-    endscript 
-} 
-</file> 
- 
-A logrotate job is created to run daily to keep the log file from getting too large. 
- 
-To view the firewall log file, issue the command: 
- 
-<code bash> 
-sudo cat /var/log/iptables.log | grep DPT=22 | cut -d" " -f1-4,9,13,14,21,22,23,26 
-</code> 
- 
- 
-===== Restart rsyslog ===== 
- 
-Issue the following command: 
- 
-<code bash> 
-sudo service rsyslog restart 
-</code> 
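
Review bot: In the removed /etc/rsyslog.d/20-iptables.conf block, the comment "Uncomment the following to stop logging anything that matches the last rule" sits directly above a "& ~" line that is already active, so the comment and the configuration disagree; the comment should say that the discard is enabled and can be commented out to keep copies in the kern.* file. The "& ~" form is the legacy discard action, which current rsyslog releases flag as deprecated in favour of "& stop". The filter :msg,contains,"iptables: " also only matches when the firewall's LOG rules set that same prefix with --log-prefix, and no such rule appears anywhere in the removed text, so a reader following these steps alone can end up with an empty /var/log/iptables.log; the matching LOG rule should be documented next to the rsyslog filter.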
  
iptables/log_firewall_messages_to_a_separate_file.1475883501.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
