Im stuck on why iptables wont log to syslog.Syslog is working fine and log every other event on the server.Here is my Configs:
/etc/syslog.conf
Code:
*.* /var/log/iptables
[code]...
I'm guessing its possible but I can't seem to find any documentation on how to do this.I've tried playing with entries at the top of my syslog.conf file like:
*.* @172.20.10.1 # 1 server, works file
*.* @172.20.10.1,172.20.20.11 # doesn't work
*.* @172.20.10.1 172.20.20.11 # nor this
*.* @172.20.10.1,@172.20.20.11 # nor this
*.* @172.20.10.1 @172.20.20.11 # nor this
There was an useful discussion on "how to stop logging cron to syslog". The useful answer is to update the line targeting syslog in /etc/syslog.conf to say something like:
Code:
*.*;auth,authpriv.none,mail.none,cron.none -/var/log/syslog
the significant part being that cron.none means that cron will not log to syslog.
There was discussion about whether this was a good thing to do, but omitted to suggest that adding/ uncommenting the following line would mean that no information would be lost but that syslog would be less cluttered as a source of monitoring info:
Code:
cron.* -/var/log/cron.log
You've still got all your cron-related log items available in cron.log if and when you need them. To make the new /etc/syslog.conf lines effective you should also, with root privileges:
Code:
touch /var/log/cron.log
chown syslog:adm /var/log/cron.log
and restart syslog. In my case:
Code:
/etc/init.d/sysklogd restart
I'm looking into setting up logging for Samba that logs every file downloaded, uploaded, renamed, deleted, etc, etc. It's currently working, but I'm trying to get it to output to /var/log/samba/audit.log and it's still outputtin Here are my current settings:
[Code]...
I am facing a problem while trying to log SSH messages in a separate file, say, /var/log/ssh_logs. I have tried modifying the syslog-ng.conf file as follows:
filter f_ssh { facility(auth, authpriv) and match("sshd[[0-9]+]:"); };
destination d_ssh { file ("/var/logs/sshd_logs"); };
log {
[code]....
But still I am not able to get the ssh logs in the new file. They continue to go to /var/log/auth.
For remote syslog logging of the general log files, I set:
Quote:
How do I setup the remote syslog logging of apache logs? Do I just add a line in the httpd.conf file to for example ?:
Quote:
I'm having trouble getting my pix firewall to log to syslog server. Here are the steps I took:
1) Added the following line to /etc/sysconfig/syslog:
SYSLOG_OPTIONS "-m 0 -r514"
**for some reason, without the 514, syslog doesn't listen
[code]....
Is there an easy way to prevent the logging of commands run into syslog as post-shell expansion?
I.e log a command of "ls *.log" as just that, rather than "ls a.log b.log c.log d.log" It makes rather a mess of the log files.
turn up the level of logging that my DHCP Server is writing to SYSLOG?I can't seem to find a syslog.conf file to edit.
View 1 Replies View RelatedWhether I use ufw or firestarter to populate my iptables, my firewall logs get written to 3 different log files:/var/log/messages/var/log/kern.log/var/log/syslogI want to keep the logging turned on, but I'd rather it not log to syslog, as it's obscuring other events in syslog that I'd like to see. I'm using rsyslog on Ubuntu. I looked around online and found one person suggesting I add this to the top of rsyslog.conf:kern.* -/var/log/kern.logkern.* ~I did that and restarted rsyslog, but it's still logging to the same 3 files.
View 4 Replies View RelatedI wish to prevent the samba messages (mainly nmbd and winbindd) from appearing in the system log (/var/log/messages). I want to allow samba logging to the standard samba logfiles, but prevent the syslog getting clogged up by samba. I added syslog = 0 to smb.conf and reloaded the config but the messages were still appearing. I also tried the following (and restarted the syslog via /sbin/service syslog restart) # Suppress messages from samba.
nmbd.* /dev/null
smbd.* /dev/null
winbindd.* /dev/null
For interests sake the messages I'm getting are below (I'm not concerned about the messages themselves, I can chase them up at my leisure via the samba logs) Mar 18 09:58:29 SERVER nmbd[3808]: query_name_response: Multiple (2) responses received for a query on subnet xx.yy.z.zz for name DOMAIN<1d>. Mar 18 09:58:29 SERVER nmbd[3808]: This response was from IP xx.yy.z.zz, reporting an IP address of xx.yy.z.zz.
I'm having a lot of problems getting NIS set up with our firewall. I've looked online and no one seems to have any answers. When the firewall is off, NIS works. When it's on, it doesn't.I would like to know which ports NIS needs by logging connection attempts on the server, since I would swear the right ports seem open already. Right now I'm using this to generate the log entries:
iptables -I INPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
iptables -I OUTPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
However, I think it must only work for successful connections, because I'm not seeing any new entries when I try running the NIS client on another machine (ypbind).
Brief overview of my current setup:
Code:
The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.
I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.
How to get iptables to log all the other protocols (or whatever is being caught by the default policy)?
I am wondering if it's possible to log the number of bytes a connection transfered when the connection is complete with iptables. I know I've seen this sort of information in Cisco FWSM logs, where the "Teardown" entry of the logs has the bytes transferred for that connection. Is it possible to have something similar to that with iptables? Where the initial connection attempt is logged (i.e. NEW, which I have logging fine) AND an entry for that connection that includes the bytes transferred?
View 6 Replies View RelatedI've set up a transparrent squid box with two nics. Eth1 = Internet eth0= LAN +Dchp my question is, can I log the data usage of a skype call. My proxy server already records all http an https requests but doesn't record some programs like skype. I know that it is not http traffic, but can I tell my system to record data use by an ip address over a nic with the help of iptables for example?
View 1 Replies View Relatedif I use the final flag, postfix loggs to /var/log/messages, not to /var/log/maillog.What I am doing wrong?regards ralfHere my config:
options {
sync (0);
time_reopen (10);
[code]....
I'm trying to use these cookie cutter rules that I found. But every time I use them, after a few seconds my wifi connection goes dead. The exception was the first time I used then. Which lasted me a couple of minutes.
By dead I mean I can no longer open a webpage or ping google.
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
I am looking for an open source syslog server which accumulate the each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng which is not fulfiling my requirement in Windows clients, as I need the logs of every action which user performed after logon.
View 2 Replies View Relatedtrying to replace syslog with syslog-ng. When I:
yum erase syslog,
wants to remove everything else that (presumably) has syslog as a dependency. how do I replace the dependency on syslog with a dependency on syslog-ng?
I noticed in my system that my root partition is getting full. I found a lot of old compacted syslogfiles. Had a look at etc/sysconfig editor eg cron but could not find a setting which allows to delete files older than a month. Where and how could I influence this ? I deleted manually all syslog files older than a month. Approx 6GB
View 9 Replies View RelatedI am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
View 2 Replies View RelatedI am facing a strange problem witht my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
View 4 Replies View RelatedI am going to start studying IPTABLES for Linux Firewall. Can any one suggest me the best Book for IPTABLES contains everything of iptables.
View 2 Replies View RelatedI'm working on a Soekris net4801 that is running an unknown distro of Linux. The kernel is 2.4.29, and iptables is v1.3.4.
I can't work out how to save the iptables. I searched the whole system for files/folders containing the name "iptables" and got 3 results:
/user/local/lib/iptables
/sbin/iptables
/lib/iptables
I've tried iptables save, iptables-save and iptables save active.
"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.
how I can save the iptables?
Recently I had to login to OS 11.3 via tty, but was unable to. Tty screen was flooded with syslog output. Instead of outputting info only on tty10 it was throwing it on every tty (1-6), I switched to.
How to fix this behaviour and restrict syslog output only to tty10?
I wonder how I can filter the syslog? i.e. there is a message that I don't want to see logged in there etc?
View 3 Replies View Related