Sunday 9 February 2014

Logging iptables to a Separate File on Centos

Here I will show you how to make iptables log to a separate file on CentOS.

First, create a folder for the iptables log:

        [root@test]# mkdir /var/log/iptables/

Now create the file "/etc/rsyslog.d/iptables.conf" and give it the content below. The first line writes every message whose text starts with "iptables: " to the dedicated log file (the leading "-" makes rsyslog skip a sync after each write), and "&~" discards the message afterwards so it is not also written to /var/log/messages. Adjust the string to match the --log-prefix of your LOG rules: the lines shown at the end of this post use the prefix "iptables_InvalidDrop", which this filter would not match on its own, although the kern.* rule added below still delivers them to the file.

        [root@test]# vim /etc/rsyslog.d/iptables.conf

            :msg, startswith, "iptables: " -/var/log/iptables/iptables.log
            &~

Open your rsyslog.conf file and change the two entries below: "kern.none" keeps kernel messages out of /var/log/messages, and "kern.*" sends all kernel messages (the iptables LOG target logs through the kernel facility) to the dedicated file. Note that this captures every kernel message in iptables.log, not only those produced by iptables.

        [root@test]# vim /etc/rsyslog.conf

        # Don't log private authentication messages!
        *.info;mail.none;authpriv.none;cron.none;kern.none       /var/log/messages

        # iptables log
        kern.*                                                   /var/log/iptables/iptables.log


Use the command below to restart rsyslog so that the new configuration takes effect:

[root@test]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@test]# 

Now you can see all the iptables messages logged to the separate file "iptables.log":

        [root@test]# tailf /var/log/iptables/iptables.log

Feb 09 23:39:46 test kernel: iptables_InvalidDrop IN=eth0 OUT= MAC=38:60:77:ef:df:d8:00:26:88:75:e7:84:08:00 SRC=83.243.58.157 DST=192.168.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=57543 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Feb 09 23:39:46 test kernel: iptables_InvalidDrop IN=eth0 OUT= MAC=38:60:77:ef:df:d8:00:26:88:75:e7:84:08:00 SRC=83.243.58.157 DST=192.168.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=57543 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Feb 09 23:39:46 test kernel: iptables_InvalidDrop IN=eth0 OUT= MAC=38:60:77:ef:df:d8:00:26:88:75:e7:84:08:00 SRC=83.243.58.157 DST=192.168.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=57543 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Feb 09 23:39:46 test kernel: iptables_InvalidDrop IN=eth0 OUT= MAC=38:60:77:ef:df:d8:00:26:88:75:e7:84:08:00 SRC=83.243.58.157 DST=192.168.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=57543 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Feb 09 23:39:46 test kernel: iptables_InvalidDrop IN=eth0 OUT= MAC=38:60:77:ef:df:d8:00:26:88:75:e7:84:08:00 SRC=83.243.58.157 DST=192.168.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=57543 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
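Once the drops land in their own file, the next useful step is to summarise them. The helper below is an added example (not part of the original post): it reads iptables.log lines of the format shown above, counts them per log prefix, source address, destination port and protocol, and lists sources whose drop count reaches a threshold. It assumes a single-word --log-prefix (the sixth field) and runs on a constructed sample log embedded in the script.

```shell
#!/bin/sh
# Constructed sample of iptables.log lines (not the page's own output).
SAMPLE_LOG='Feb 09 23:39:46 test kernel: iptables_InvalidDrop IN=eth0 OUT= MAC=38:60:77:ef:df:d8:00:26:88:75:e7:84:08:00 SRC=203.0.113.7 DST=192.168.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=57543 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Feb 09 23:39:47 test kernel: iptables_InvalidDrop IN=eth0 OUT= MAC=38:60:77:ef:df:d8:00:26:88:75:e7:84:08:00 SRC=203.0.113.7 DST=192.168.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=57544 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Feb 09 23:39:48 test kernel: iptables_InvalidDrop IN=eth0 OUT= MAC=38:60:77:ef:df:d8:00:26:88:75:e7:84:08:00 SRC=203.0.113.7 DST=192.168.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=57545 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Feb 09 23:40:01 test kernel: iptables_InvalidDrop IN=eth0 OUT= MAC=38:60:77:ef:df:d8:00:26:88:75:e7:84:08:00 SRC=198.51.100.9 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12345 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0'

# Read iptables.log on stdin; print "count prefix SRC DPT PROTO", most frequent first.
# Assumes a single-word --log-prefix, so the prefix is field 6 after "kernel:".
summarize_iptables_log() {
    awk '
    $5 == "kernel:" {
        prefix = $6; src = ""; dpt = ""; proto = ""
        for (i = 7; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n != 2) continue          # bare flags such as DF or SYN carry no value
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
        }
        if (src != "") count[prefix " " src " " dpt " " proto]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Read iptables.log on stdin; print "SRC count" for every source whose number of
# logged packets is at least $1. A simple check for unusually noisy sources.
noisy_sources() {
    awk -v min="$1" '
    $5 == "kernel:" {
        for (i = 7; i <= NF; i++) if ($i ~ /^SRC=/) hits[substr($i, 5)]++
    }
    END { for (s in hits) if (hits[s] >= min) print s, hits[s] }
    ' | sort -rn -k2
}

# Usage on the constructed sample (in practice: summarize_iptables_log < /var/log/iptables/iptables.log)
printf '%s\n' "$SAMPLE_LOG" | summarize_iptables_log
printf '%s\n' "$SAMPLE_LOG" | noisy_sources 3
```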
