[SOLVED] How to get iptables to log to a file...

Support for security such as Firewalls and securing linux
Post Reply
intermediatelinux
Posts: 56
Joined: 2014/01/25 09:32:09

[SOLVED] How to get iptables to log to a file...

Post by intermediatelinux » 2014/01/25 09:48:00

.. indeed, to log anywhere?

I've set up iptables on my server, and tested it from inside the LAN and from another couple of accounts I have outside, at work etc. It seems to be doing the job.

However, it doesn't seem to write anything to /etc/var/messages..

Code: Select all

[john@socrates etc]# grep "iptables" /var/log/messages
[john@socrates etc]#  
In fact, the only time that 'iptables' appears anywhere in /var/log* is in the yum log.

I think that I've set up logging correctly ..?

Code: Select all

[john@socrates etc]# /sbin/iptables-save | grep "LOG"
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
OK, so then I look and to my consternation ...

Code: Select all

[john@socrates etc]# ls -l /etc/syslog.conf
ls: cannot access /etc/syslog.conf: No such file or directory
What's that all about? How can I be logging other stuff (httpd, sshd, mysqld, sendmail...), if there's no syslogd running?

Can someone tell me how to log iptables to /var/log/iptables (which I have already touched)?

Thanks.
Last edited by intermediatelinux on 2014/01/27 06:35:42, edited 1 time in total.

Whoever
Posts: 1138
Joined: 2013/09/06 03:12:10

Re: How to get iptables to log to a file...

Post by Whoever » 2014/01/25 17:40:04

In order for IPTABLES to log anything, you have to send the packets through the LOG target before the DROP target.

intermediatelinux
Posts: 56
Joined: 2014/01/25 09:32:09

Re: How to get iptables to log to a file...

Post by intermediatelinux » 2014/01/25 19:25:30

Whoever wrote:In order for IPTABLES to log anything, you have to send the packets through the LOG target before the DROP target.
Indeed, and it is. The last two lines in my iptables configuration file are ..

Code: Select all

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 
-A INPUT -j DROP
Yet still nothing in /var/log/messages.

Whoever
Posts: 1138
Joined: 2013/09/06 03:12:10

Re: How to get iptables to log to a file...

Post by Whoever » 2014/01/25 22:30:20

What's in /etc/rsyslog.conf (note the "r")?

intermediatelinux
Posts: 56
Joined: 2014/01/25 09:32:09

Re: How to get iptables to log to a file...

Post by intermediatelinux » 2014/01/26 00:25:01

.. and yes, perfect. Thank you! :D

Post Reply

Return to “CentOS 6 - Security Support”