字體:  

iptables log 設定如何啟用

apple 發表於: 2011-11-04 21:00 來源: ADJ網路控股集團


要讓 iptables 留下 log ...可以這樣做~~

 

Iptables default log file

For example, if you type the following command, it will display current iptables log from /var/log/messages file:

預設log會到/var/log/messages,如果要改到其他目錄 syslog.conf 該如何設定 ?

 

Procedure to log the iptables messages to a different log file

Open your /etc/syslog.conf file:

QUOTE:

# vi /etc/syslog.conf

 

Append following line

QUOTE:

kern.warning              /var/log/iptables.log

 

Save and close the file.

Restart the syslog

QUOTE:

service syslog restart

 

在Firewall 設定加上

QUOTE:

iptables -A FORWARD -p tcp -j LOG --log-prefix '** HACKERS **' --log-level 4

 

Where,

  • --log-level 4: Level of logging. The level # 4 is for warning.
  • --log-prefix '*** TEXT ***': Prefix log messages with the specified prefix (TEXT); up to 29 letters long, and useful for distinguishing messages in the logs.

 

You can now see all iptables message logged to /var/log/iptables.log file:

 

QUOTE:

# tail -f /var/log/iptables.log