CentOS 5 :: Iptables Logging In A Separate Logfile Works Not Properly?
Jun 4, 2009
If I use the final flag, postfix logs to /var/log/messages, not to /var/log/maillog. What am I doing wrong?
regards ralf
Here is my config:
options {
sync (0);
time_reopen (10);
[code]....
Feb 16, 2011
After struggling and googling on the internet I can't manage to get it to work. I have set up rsyslog to receive the logging from my firewall and it puts it into the syslog file. But I would like to have a separate logfile for these messages. I have created the firewall.log file with owner syslog, same as for the syslog file. I have already tried to use the following in /etc/rsyslog.d/10-firewall.conf:
:msg, contains, "firewalld" /var/log/firewall.log
or
:msg, contains, "firewalld" -/var/log/firewall.log
I don't know the difference between the "-" sign in the lines but I have also seen those kinds of situations.
I have also put this line into the 50-default.conf file because I thought it wasn't seeing the 10-firewall.conf file, but it didn't work. I have added a $template HostMessages, "/var/log/%HOSTNAME%/logfile.log" in the /etc/rsyslog.conf file but that doesn't work either. In the firewall I can see the Syslog facility is now on LOG_LOCAL0 and I can change it from LOCAL0, LOCAL1, LOCAL2, ... until LOCAL7. What do these different numbers mean?
Apr 9, 2010
I was trying to edit a file requiring root permissions, so I used sudo. I typed the root password and it failed. This happened three times, and the process was ended. I then logged in as root (su) and was able to navigate to the file and make changes as root. Am I missing something? How would I edit the sudoers file such that this password would work? Or is there another way to log in to the sudo group to make these changes? How do I set sudo passwords?
Apr 13, 2011
Generally SSH related log messages are logged in /var/log/messages file. Is there a way to log them in another different file? I mean is there some configuration setting to enable this?
Jul 2, 2011
I am facing a problem while trying to log SSH messages in a separate file, say, /var/log/ssh_logs. I have tried modifying the syslog-ng.conf file as follows:
filter f_ssh { facility(auth, authpriv) and match("sshd[[0-9]+]:"); };
destination d_ssh { file ("/var/logs/sshd_logs"); };
log {
[code]....
But still I am not able to get the ssh logs in the new file. They continue to go to /var/log/auth.
Jul 21, 2010
Whether I use ufw or firestarter to populate my iptables, my firewall logs get written to 3 different log files:
/var/log/messages
/var/log/kern.log
/var/log/syslog
I want to keep the logging turned on, but I'd rather it not log to syslog, as it's obscuring other events in syslog that I'd like to see. I'm using rsyslog on Ubuntu. I looked around online and found one person suggesting I add this to the top of rsyslog.conf:
kern.* -/var/log/kern.log
kern.* ~
I did that and restarted rsyslog, but it's still logging to the same 3 files.
Aug 6, 2010
I'm stuck on why iptables won't log to syslog. Syslog is working fine and logs every other event on the server. Here are my configs:
/etc/syslog.conf
Code:
*.* /var/log/iptables
[code]...
Mar 8, 2010
I'm having a lot of problems getting NIS set up with our firewall. I've looked online and no one seems to have any answers. When the firewall is off, NIS works. When it's on, it doesn't. I would like to know which ports NIS needs by logging connection attempts on the server, since I would swear the right ports seem open already. Right now I'm using this to generate the log entries:
iptables -I INPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
iptables -I OUTPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
However, I think it must only work for successful connections, because I'm not seeing any new entries when I try running the NIS client on another machine (ypbind).
Jun 21, 2010
Brief overview of my current setup:
Code:
The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.
I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.
How to get iptables to log all the other protocols (or whatever is being caught by the default policy)?
Mar 28, 2011
I am wondering if it's possible to log the number of bytes a connection transferred when the connection is complete with iptables. I know I've seen this sort of information in Cisco FWSM logs, where the "Teardown" entry of the logs has the bytes transferred for that connection. Is it possible to have something similar to that with iptables? Where the initial connection attempt is logged (i.e. NEW, which I have logging fine) AND an entry for that connection that includes the bytes transferred?
Feb 3, 2010
I've set up a transparent squid box with two NICs. Eth1 = Internet, eth0 = LAN + DHCP. My question is, can I log the data usage of a skype call? My proxy server already records all http and https requests but doesn't record some programs like skype. I know that it is not http traffic, but can I tell my system to record data use by an IP address over a NIC with the help of iptables, for example?
Dec 1, 2015
I'm trying to use these cookie cutter rules that I found. But every time I use them, after a few seconds my wifi connection goes dead. The exception was the first time I used them, which lasted me a couple of minutes.
By dead I mean I can no longer open a webpage or ping google.
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
Mar 5, 2011
Just to confirm - I have come to the conclusion that it is best to have separate Ubuntu installations if users of the same computer have different default firewall blocking needs. Me and my wife have totally different Internet surfing habits. I also tend to block most of the websites that she normally uses, some of which are dialed by default when opening Firefox.
We have used one desktop computer for a while now with two users in one Ubuntu installation. It is becoming too much of a hassle having to change the firewall settings each time it was changed by the other user with a previous log-on. We also have two other computers in the household for the children. I have created a Local Repository, and download updates only on my computer, saving on time and bandwidth (the only replication that takes place is downloading the index files from the update servers for each computer). Having another Ubuntu installation on the same computer will just add to the "auto update" list.
Another advantage is that my "more secure" Ubuntu partition (which may contain sensitive information from time to time) will not be mounted when my wife is on the Internet.
Apr 28, 2009
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
Jul 2, 2011
I am trying to forward all the incoming internet/LAN requests on port 80 to my local machine (running Apache). Current iptables work (forward incoming internet traffic to my desktop), but if I try to access it from my local network it won't work. The interface connecting my Ubuntu server to the internet is ppp0 (dialed DSL connection through my router that is in bridge mode), which is connected to eth0, and eth1 is connected to my internal LAN.
[Code]...
What I was able to gather so far (via logs) is that accessing the external server IP directly from the LAN goes directly to eth1, which is understandable (I think). So what I need now (I guess) is a rule that will forward the LAN traffic on eth1 without interfering with the ppp0 prerouting rule (as forwarding all the incoming traffic on eth1 to my local machine will break the internet connection).
Jun 3, 2010
I set up a DMZ to have an internet web server and FTP server, and SSH only from the local network, so I wrote an iptables script to load during boot:
[Code]...
The problem is that everything works fine (I have the same rules for other services such as samba, nfs, mysql on another server) BUT ftp: there is no way to make it work, not even locally. When I try to connect, I log in, but while listing the directory I get MLSD ... and it hangs like this for a moment, then I get the error message "connection time out", "impossible to list directory". If I turn off the iptables script there is no problem, ftp works fine. But why do all services work and ftp not?
How do I have to modify the rules? What is also strange is that if I set the OUTPUT policy to "accept", the server seems to be offline, with a "host unknown" error message. I was thinking the INPUT rule is fine because at least I can log in, but the dir list is not going out, so I have to modify the output rules. Or state?
Nov 8, 2010
I have a log monitoring application that is listening on port 514 to receive events only from certain hosts. In order to control this, I've tried to set up iptables to define those hosts that are allowed to this application. Here is an example of the script that contains the commands:
iptables.sh -> Code:
iptables -I INPUT -p tcp -s 192.168.0.10/24 --dport 514 -j ACCEPT
iptables -I INPUT -p tcp -s 192.168.0.15/24 --dport 514 -j ACCEPT
...
[code]....
Jul 4, 2009
I have updated my laptop HP Pavilion dev7 to Fedora 11. However, samba does not work properly. I can see share folders to mother machines, but not the shares in the laptop from other machines. The most annoying problem is that system-config-samba crashes. I run it as user, with sudo or su, but nothing.
May 16, 2011
Client is running Oracle VM Server 2.2.1 (kernel 2.6.18-128.2.1.4.37.el5xen). Storage is a NetApp 3210 (NFS configured to use TCP). Iptables on client has udp and tcp ports 111, 2049 and the NFS server ports opened. Info retrieved using: rpcinfo -p NetApp When trying a manual mount.
[Code]....
Stopping iptables also works (I can manually mount the share without using proto=tcp). Is the mounting process somehow trying to negotiate first using udp, which the NetApp doesn't respond to, and hence it fails by timing out? Can I configure iptables such that I don't have to use the proto=tcp option? Or is there another configuration file I can tweak so that I don't have to use the proto=tcp option?
Feb 8, 2011
Everything works except on Fedora port 110 cannot be opened no matter how hard we try, we run REH (Redhat Linux) on a colocated server, now we run Fedora in a cloud
May 17, 2011
Client is running Oracle VM Server 2.2.1 (kernel 2.6.18-128.2.1.4.37.el5xen). Storage is a NetApp 3210 (NFS configured to use TCP).
Iptables on client has udp and tcp ports 111, 2049 and the NFS server ports opened. Info retrieved using: rpcinfo -p NetApp
When trying a manual mount ...
But when using the proto=tcp option, it works ...
Stopping iptables also works (I can manually mount the share without using proto=tcp).
Is the mounting process somehow trying to negotiate first using udp which the Netapp doesn't respond and hence it fails by timing out?
Can I configure iptables such that I don't have to use the proto=tcp option? Or is there another configuration file I can tweak so that I don't have to use the proto=tcp option?
Jun 3, 2009
I am having trouble logging into a newly installed CentOS 5.3 box. I can SSH into the machine with root but can not do so with any normal users. I get the error, "connection refused." My firewall is currently turned off.
Apr 19, 2011
I've spent days trying to setup access properly from a public address to a monitoring server that works fine locally. Everything works from public access until I try to link to a CVS repository. The rancid CVS repository is set up as a separate server (virtualhost). It appears the referring link causes a DNS error (105: Server Not Found) when the CVS repository server is accessed from the public address. Things work fine when accessing via localhost.
Localhost link:
[URL]
Public link: (this results in 105 error caused by redirection (bold portion of link))
[URL]
Code:
Virtualhost config:
LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
[code]....
May 11, 2011
I am currently trying to install vsFTP onto my new Linux server, and btw I just started using Linux today; this is my first time using Linux. So I got the ftp installed good, it got downloaded and everything. Then I went to open a port for my server for vsFTP. I used this command to open it: "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT". Then I closed it by pressing ESC then :wq! and it brought me back to my command line again. So now when I try to start the ip table thing with the command "service iptables start", putty responds with this: "Applying iptables firewall rules: iptables-restore: line 1 failed [FAILED]"
The install guide I'm using: [URL]
Mar 23, 2010
I had a SATA drive go down on my software RAID array a couple of days ago. After replacing the defective drive, I rebuilt it using fdisk to set partitions and mdadm to add the drive back into the RAID array. After getting md2 to mount to /mnt I copied the /mnt/etc/fstab and /mnt/etc/mdadm.conf to the /etc directory and rebooted. When I boot, my /dev/md2 partition is not mounting to /. It is not loading all of the services at boot time it should. The size of /dev/md2 on / is even wrong; it should be about 1.3TB. When I manually mount /dev/md2 to /mnt I can access all of my data, through /mnt/var/www/vhosts and so on. I am at a loss, why is the machine booting to this craziness? All of my data, that I know of, can be accessed when md2 is mounted to /mnt.
[root@ESS000272 etc]# cat mdadm.conf
# mdadm.conf written out by anaconda
DEVICE partitions
MAILADDR root
[code]....
Aug 23, 2009
I've multi v-host. Need to make each V-Host work under a separate user (not the apache user).
There is one module/patch called "mpm-itk". In Debian/Ubuntu everything is sweet,
just do
apt-get install apache2-mpm-prefork libapache2-mod-php5 or aptitude install apache2-mpm-itk
that is all.
But in CentOS 5.3, there is always some difficult difference (Why? I do not know).
Kindly look at this solution: [URL]
Is there a possibility to avoid these complications?
- I need a solution without compiling + patching Apache. Is this possible?
Apr 26, 2011
I have tried loading 11.4 from the DVD from Linux Magazine. Everything goes swimmingly until I get to using it when the screen shows black rectangles, is "twitchy" and nothing works properly. I currently run 11.3 which works fine.
Nov 6, 2010
I have installed xubuntu version 10. My sound card is a Yamaha dS-1S, and seems to be properly configured. Alsa mixer doesn't indicates any error. However, I can't manage to get any sound. I have checked that jacks are correctly plugged.
Jun 26, 2011
Centos noob with fresh install of Centos 5 DVD on AMD w ATI Radeon 9250 /1 gb RAM/320gb HDD. Don't see an "installation" forum so posting here. Read here -> and following page which seems to indicate the default option on a new unformatted 320gb HD is suitable for most users, so selected it just to see. Install went fine. Using KDE as default desktop.
cat /etc/fstab shows:
[root@centosdesktop user]# cat /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
[code]....
Mar 17, 2009
If I ssh from my laptop (running F10) to the server (CentOS 5.2) it asks for the password, but every time I enter the correct password it says incorrect password. When I do the same from the server to my laptop I can get in just fine. I think my passwords are stored as ssha in the LDAP (I tried clear passwords and that doesn't work either).