Server :: Iptables Logging To 3 Log Files?
Jul 21, 2010
Whether I use ufw or firestarter to populate my iptables, my firewall logs get written to 3 different log files:
/var/log/messages
/var/log/kern.log
/var/log/syslog
I want to keep the logging turned on, but I'd rather it not log to syslog, as it's obscuring other events in syslog that I'd like to see. I'm using rsyslog on Ubuntu. I looked around online and found one person suggesting I add this to the top of rsyslog.conf:
kern.* -/var/log/kern.log
kern.* ~
I did that and restarted rsyslog, but it's still logging to the same 3 files.
Aug 6, 2010
I'm stuck on why iptables won't log to syslog. Syslog is working fine and logs every other event on the server. Here are my configs:
/etc/syslog.conf
Code:
*.* /var/log/iptables
[code]...
Mar 8, 2010
I'm having a lot of problems getting NIS set up with our firewall. I've looked online and no one seems to have any answers. When the firewall is off, NIS works. When it's on, it doesn't. I would like to know which ports NIS needs by logging connection attempts on the server, since I would swear the right ports seem open already. Right now I'm using this to generate the log entries:
iptables -I INPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
iptables -I OUTPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
However, I think it must only work for successful connections, because I'm not seeing any new entries when I try running the NIS client on another machine (ypbind).
Jun 21, 2010
Brief overview of my current setup:
Code:
The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.
I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.
How to get iptables to log all the other protocols (or whatever is being caught by the default policy)?
Mar 28, 2011
I am wondering if it's possible to log the number of bytes a connection transferred when the connection is complete with iptables. I know I've seen this sort of information in Cisco FWSM logs, where the "Teardown" entry of the logs has the bytes transferred for that connection. Is it possible to have something similar to that with iptables? Where the initial connection attempt is logged (i.e. NEW, which I have logging fine) AND an entry for that connection that includes the bytes transferred?
Feb 3, 2010
I've set up a transparent squid box with two NICs: Eth1 = Internet, eth0 = LAN + DHCP. My question is, can I log the data usage of a Skype call? My proxy server already records all http and https requests but doesn't record some programs like Skype. I know that it is not http traffic, but can I tell my system to record data use by an IP address over a NIC with the help of iptables, for example?
Jun 4, 2009
If I use the final flag, postfix logs to /var/log/messages, not to /var/log/maillog. What am I doing wrong? Regards, ralf. Here is my config:
options {
sync (0);
time_reopen (10);
[code]....
Dec 1, 2015
I'm trying to use these cookie cutter rules that I found. But every time I use them, after a few seconds my wifi connection goes dead. The exception was the first time I used them, which lasted me a couple of minutes.
By dead I mean I can no longer open a webpage or ping google.
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
Oct 28, 2010
I'm looking for a way to use klogd and/or syslogd to log all the default message levels to the standard /var/log/messages. I also want all kernel (and possibly user) error messages to also be logged to a second file. Is this even possible?
Sep 29, 2010
I'm deleting logs after they are backed up. The line below in a script is doing it but I'd like to print the list of files that are deleted into a log file. I tried printf at the end but can't seem to get it to work. I'm not sure how to output that at the end of the string. Also I was looking at man find and the difference between -exec and -execdir. I don't understand what it's saying. Is -execdir executing rm within the /opt/temp/logs directory the difference?
May 18, 2010
We need to log web access of a certain set of users for analysis. We decided to set up a proxy server which just logs all the requests but does not do anything else like caching/access control etc. All users will be using a fixed set of computers and hence we can redirect their requests to the proxy. I came across Squid, but found it to be too heavy for our requirements. Is there any other proxy-server software that is good enough for what we want or is Squid the only way?
May 18, 2010
I have an issue with users logging into a server. There are multiple (5 or so) database admins that have to log into a windows 2003 server and from there log into a red hat server. Once they are in the rhel box they execute an app (let's say xclock) that gives them an xwindows session on their desktop. Currently only one person can do this at a time, but they have asked me to configure it to allow multiple users to log into the red hat box from the windows server and run an xwindow.
Jul 22, 2010
After reading this pdf on top 5 things to log for security, I've decided to attempt this for my webserver. How might I set up some logging systems to do these tasks? Basic things I need to be able to do: record things like password attempts on htaccess files, from what IP address, and how many attempts there were. Any useful links anyone can think of to get me started? I'm a student programmer at university so any programming I should be able to cope with fine.
May 5, 2011
I am learning about the ability of rsyslog to be a server for the logging info from other machines. I have done it successfully, and I get logs from other machines through the network, but I don't know where I can set the server to act as I desire on these logs that come from the network. In essence the question is: why does the server put some logs in /var/log/messages, and others not?
Nov 15, 2010
I have 2 servers running CentOS 5.4 Final, one is 32 bit and the other is x86_64. When I ssh to either server, the session will freeze after a while and I cannot type anything except close the term. This has happened before, and I thought that was caused by iptables' rules. But now I turned off iptables and the problem remains. I tried tcpdump on my machine (client running OpenSUSE 11.2), and it shows that after the freezing, the client will still send ack messages to the server. So I think this may be caused by the server. Note that I can ping the server smoothly. Has anybody met this problem before?
Jan 3, 2010
I want to login to my company's server (remote) from my room. I have the server address, so I use this command to login :
Code:
#ssh root@X.X.X.X
It waits for a very long time and then returns with error connection timed out port 22.
I configured these settings in the remote server :
Code:
#/etc/init.d/iptables stop
Then I connect via ssh from my home but still the same error.
Then in the config file /etc/ssh/sshd_config, I uncomment the line : ListenAddress 0.0.0.0
I connect via ssh again from home but still the same error.
The connection is not denied in hosts.deny and hosts.allow.
How do I get the connection up and running?
Jul 12, 2010
I have a Fedora 7 server running just the Zimbra email server, but I forgot the password.
I used an Ubuntu live CD, then I went to /etc/shadow, used gedit and removed the hash between the ": :", then saved the file. I rebooted but I still cannot log in, and it does a weird thing. I typed root, then hit enter; when asked for the password I hit enter. Then the screen clears by itself and it asks for the login again. It doesn't say that the password is wrong or give any other error.
Also I went to single-user mode; once I'm at # I typed passwd root, then the new password, then I rebooted, but I still have the same problem. I can't log in.
Jul 16, 2010
How to disable postfix logging? I can obviously set a macro to purge the logs but I am trying to reduce the IO of the logging altogether.
How to disable it?
Oct 10, 2010
I already set up a skolelinux 5 main server & a skolelinux workstation. Both can ping each other and resolve each other's name since I already added the workstation in the main server using lwat, but I cannot log in from the workstation with the user that I had added on the main server. What should I do to make this work?
Aug 31, 2010
When I try to log into the webgui I am getting a file to download labeled "nagios". When double-clicking the file I get the error "The file /path/to/file cannot be found. Please check the location and try again".
Mar 10, 2011
I'm guessing it's possible but I can't seem to find any documentation on how to do this. I've tried playing with entries at the top of my syslog.conf file like:
*.* @172.20.10.1 # 1 server, works fine
*.* @172.20.10.1,172.20.20.11 # doesn't work
*.* @172.20.10.1 172.20.20.11 # nor this
*.* @172.20.10.1,@172.20.20.11 # nor this
*.* @172.20.10.1 @172.20.20.11 # nor this
Dec 13, 2010
I have a RHEL4 server. My root is able to log in from CUI mode but not able to log in from GUI mode. A normal user is able to log in from GUI mode and we go to root through the su command, but directly root is not able to log in from the GUI.
Oct 27, 2010
I have recently configured sshd_config to have chrooted SFTP service. I'm using SFTP internal-sftp config. However now I have to figure out how to log file transfers happening using the SFTP service. I'm using the Ubuntu Server 10.04 (64bit)
Feb 28, 2011
Every time I log into the linux server at my workplace (I use putty), I don't get the bash prompt right away. I need to execute the command 'bash' to get it. Any way to make this automatic? e.g.
Code:
host:1>
host:1> bash
user@host:~$
Aug 26, 2010
Is there somewhere in WHM where I can allow and disallow various ip addresses to login using PuTTY for SSH? OpenSSH Server is not running (for security reasons). If OpenSSH is not running, is there a way to allow certain ip addresses only to use ssh?
Jan 4, 2010
I am having problems logging into my SME Linux server from a new Windows 7 machine. It sees the server on the network, but does not seem to be passing the windows login through to the Linux server (which is how all of the XP machines log in). When I try to log in using a valid username and password it goes nowhere and just says it is an invalid username and/or password. I had a Vista machine that could log into this Linux server so I do not think the Samba version is the problem.
Mar 12, 2011
Setup a new machine with Apache, identical setup to all the other machines I got, yet this one is logging hostnames instead of IPs.
"HostnameLookups" are "Off" and LogFormat settings are identical to all the other machines:
Code:
Added a new LogFormat directive:
Code:
And told the virtual hosts to use it:
Code:
This solved the problem, though I'm at a loss as to why I've got this behavior on just this one box and none of the others. OS is Debian Lenny, same version of Apache installed via Debian package.
My understanding from Apache doc [url] is that when "HostnameLookups" are "Off", "%h" will yield IP instead of hostname.
Code:
It features support for HTTPS, virtual hosting, CGI, SSI, IPv6, easy scripting and database integration, request/response filtering, many flexible authentication schemes, and more. Homepage: [url]
Mar 15, 2010
I've searched forums and read syslog dhcpd man pages, but cannot figure out how to completely disable dhcpd logging :S
May 2, 2010
I wanted to know if there is any way to monitor (I mean log) all of the activity of the users that log in to a server (as root), for example:
1. when they log in
2. what commands they use at what time (I know that the history command does somewhat the same, but it does not save all of the activity of users exactly with the time of that activity)
3. which one of them installed which package on the server
4. what they copied or moved at what time, and in summary all the activity that each of them does on the server individually.
May 16, 2010
I've checked and double checked that there is no user and password directive in /etc/my.cnf and ~/.my.cnf but it seems that every time I issue mysql it will drop me into the command line without prompting for a password or giving any pause. Of course, the only table I have access to when doing this is information_schema with read only on most of it and no access on the rest, but I was just wondering where else an auto-login style authentication could be coming from.