iptable messages in logfile for blocked requests to my ip adress

LiNuXkOlOnIe · 12-26-2005, 12:51 PM

Hallo, i have no server but Fedora 3 as Desktop. Of course with the iptable firewall which i configure with fwbuilder. Now what i want to know is where can i find the messages which accesses to my pc were tried ? On which port/protocol etc. It's only for me to know if anything goes broken (virus etc.) The portscan is very well i made at an online web-site which offers port-scan service.
I thought all messages will be logged to syslog ? Nothin in there.

Thank you.

wrj · 12-26-2005, 03:13 PM

Check your /etc/syslog.conf file. You should have an entry in there that tells you how your kernel logs are set up.

Mine is:
kern.* -/var/log/kern.log

Hope that helps.

LiNuXkOlOnIe · 12-27-2005, 09:22 AM

This is my entry: I never thought that this would be. This confuses me a little. Thank you a lot. This will me help further.

Code:

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

I added the line you wrote:

Code:

kern.* -/var/log/kern.log

but there are no entries. ???

doublejoon · 12-27-2005, 10:36 AM

Restart syslog

wrj · 12-27-2005, 12:40 PM

Yes, restart syslogd. Also, try reading through the man pages for syslog.conf for a better explanation of how it works.

"man syslog.conf"

LiNuXkOlOnIe · 12-27-2005, 04:11 PM

It works. But the result is not what i expected. The system/kernel-logs were already logged in messages and bootmessages.

I read the man-page after i read the first post to understand what the cryptic line means. Now give me another hint and explain me where
i can log or find the ip adresses which wanted to access my pc sniffing etc. Let me compare to ZoneAlarm. There is always a list/log where you can look at if someone tried to breach your pc. port/protocol. Does iptables log something in the same way ?
I have installed snort too. Iam still reading. I think this one does something similar and can be linked to iptables so that snort does the work. Which is not what i want right now. It's only an where is the message if there is one from iptables.

Thank you.

Notwerk · 12-28-2005, 05:13 AM

Check $man iptables
for MATCH EXTENSIONS.

Be aware that you'll need to use TWO rules for every packet you reject/drop if you want to log it. One to log it and a second to drop it. You can also define the log level there.

LiNuXkOlOnIe · 12-29-2005, 01:52 PM

Thank you. I think you mean LOG. Am i right. This should work. I try to setup a rule with fwbuilder. I am on it.

cu

Uuups. Why didn't i looked in fwbuilder already ? There is already a option for logging. Anyway... thanx again.