Hello
Is there a way to get ipchains to log to a separate file? At the moment it is logging into /var/log/messages, but I would like it done in a file just for ipchains. Thank you Wazza |
Are you familiar with grep, awk, sed, tr and so on?
If not, you might have a look at a logchecker like logcheck ;-) http://www.psionic.com/ And if you are there, you might also take a look at portsentry. |
Ok, grep is good enough, but I'm also wondering if anyone has come up with a way to do this. It would be a nice feature since I always take a quick look at /var/log, and seeing a file called ipchains with a positive file size would be a quick tip-off that someone is trying something...
-Mark |
Why do you want to put it in a file? Okay, I still prefer the "logchecker" software, but you can do it also with a little script.
My firewall logs everything (scans, stealth scans, connection attempts etc.) to the /var/log/messages file. So I would write a little script that also includes a line like this: cat messages | grep -i "Packet log:" | awk '{print $12}' In my case this would give me the IP address of a possible intruder. You should fine-tune this with "sed". Create a cronjob and wait for mail that will inform you on what's going on! I hope this might help you. |
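The grep/awk pipeline above, carried through to a small script, as an added example that is not part of the original thread. It assumes the kernel 2.2 ipchains log layout, "Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...", behind the usual syslog prefix, which is why the source address lands in awk field 12 together with its port (or ICMP type); the sed step strips that suffix. The sample log lines are constructed for the example, and the kernel writes these lines at facility kern, priority info, so stock syslogd can only route them by facility and priority (e.g. kern.=info to its own file), not by their text; filtering on "Packet log:" is what gives you an ipchains-only file.

```sh
#!/bin/sh
# Added example, not from the thread: extract ipchains "Packet log:" lines
# from a syslog file, count hits per source host, and copy the raw lines to
# a dedicated ipchains log. Assumes the kernel 2.2 ipchains log format.

# Constructed sample log for this example. Note the mix of ipchains lines
# and ordinary syslog noise that must be ignored.
SAMPLE_LOG=$(mktemp "${TMPDIR:-/tmp}/ipchains-sample.XXXXXX")
cat > "$SAMPLE_LOG" <<'EOF'
Apr  1 17:53:08 dsl081 ipchains: Flushing all chains: succeeded
Apr  1 18:02:11 dsl081 kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.7:4321 192.0.2.10:23 L=60 S=0x00 I=1234 F=0x4000 T=54 SYN (#3)
Apr  1 18:02:12 dsl081 kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.7:4322 192.0.2.10:21 L=60 S=0x00 I=1235 F=0x4000 T=54 SYN (#3)
Apr  1 18:05:40 dsl081 kernel: Packet log: input DENY ppp0 PROTO=1 198.51.100.9:8 192.0.2.10:0 L=84 S=0x00 I=5566 F=0x0000 T=240 (#4)
Apr  1 18:06:01 dsl081 sshd[812]: Accepted password for mark from 192.0.2.50 port 1022
EOF

# Print "count source-ip", busiest host first. Field 12 is "src:port"
# (or "src:icmp-type" for PROTO=1), so the port is stripped before counting.
ipchains_sources() {
    grep 'Packet log:' "$1" \
      | awk '{print $12}' \
      | sed 's/:[0-9]*$//' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# Append every ipchains packet-log line from $1 to the file $2, which is
# the "file just for ipchains" asked for at the top of the thread.
# Returns the number of lines copied.
ipchains_extract() {
    grep 'Packet log:' "$1" >> "$2"
    grep -c 'Packet log:' "$1"
}

# Usage, as a cronjob would run it:
ipchains_sources "$SAMPLE_LOG"
ipchains_extract "$SAMPLE_LOG" "${TMPDIR:-/tmp}/ipchains.log" >/dev/null
```

Run from cron and pipe the output to mail for the "tell me who is knocking" report; the dedicated file produced by ipchains_extract is what makes a glance at /var/log meaningful, because a non-zero size means at least one logging rule fired.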
I can dig it. Thanks man.
|
what about ipchains-save > /path/to/file , you can also restore by typing ipchains-restore < /path/from/file
|
Can't Get ipchains to log
Hi, Pretty new to Linux, I'm using RH 6.2. I need some help on getting ipchains to log. My /etc/syslog.conf is as follows:

kern.*                                  /var/log/kern.log
*.=info;*.=notice;*.=warn;\
    auth,authpriv.none;\
    cron,daemon.none;\
    mail,news.none                      /var/log/messages

I set a rule and it works, but I can not get it to log anywhere that I can tell. Only thing it does log is when I flush out the policies:

Apr 1 17:53:08 dsl081 ipchains: Flushing all chains: succeeded
Apr 1 17:53:08 dsl081 ipchains: Removing user defined chains: succeeded
Apr 1 17:53:08 dsl081 ipchains: Resetting built-in chains to the default ACCEPT policy succeeded

I have been playing around with an icmp (ping) rule and it works fine, just won't log:

root /sbin/ipchains -l -A input -p icmp --icmp-type echo-request -s 0/0 -d 64.31.56.245 -j ACCEPT

Any help would be greatly appreciated! -Ward |
Hi there.
I might be wrong, but if any input rules are appended, should they be listed after the -A option? Mine is written: /sbin/ipchains -A input -l -j DENY -p icmp -s 0/0 echo-request -i ppp0 Might be nothing in it, someone in here will know the answer I'm sure. Wazza |
Hi Wazza,
Thanks. I tried that with no difference. However, I have since discovered that by starting klogd with the -s option, it forces the system call interface as its messaging source. Now it works. I found some pretty good info and a sh script on ipchains at http://dsl081-050-241.sfo1.dsl.speak...s-script.shtml Thanks for the reply! -Ward |