LinuxQuestions.org


jimval7 02-25-2002 01:18 PM

firewall logs
 
Where can I go see my firewall logs? When I reboot, I see messages, but when the login prompt comes in it clears the screen, and when I go to /var/log/messages only the boot-up sequence is shown, not anything regarding my rc.firewall messages.


unSpawn 02-26-2002 04:26 PM

ipchains and iptables use syslog's "kern" facility, usually at the "info" level.
In your /etc/syslog.conf should be a line, for instance like this:
kern.info /var/log/<filename>
Just make sure you define logging rules for iptables, or add "-l" in ipchains rules.

jimval7 02-26-2002 07:18 PM

my file
 
This is what I have in my file:

# Logging much else clutters up the screen.
#kern.* /dev/console

Should I change it to this:

# Logging much else clutters up the screen.
kern.* /var/log/messages


?

Please let me know.

unSpawn 02-27-2002 01:20 AM

Try to use the level (the stuff after the dot) as a way to filter things to console/log; you definitely want to see some stuff on your console (man syslog).
Now if you would add another entry for kern.info, only messages from the kernel at informational level would be in a file, and then you only have to grep for "Packet log" lines for ipchains, or the custom line you added to your iptables log rules.

#You have several options like
kern.info<tab><tab>/var/log/some.logfile
# or if you don't care scrubbing for more
*.info<tab><tab>/var/log/another.logfile
#and still be able to also do
kern.info<tab><tab>/dev/tty12

Don't forget to restart syslogd after making changes.
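
The selector filtering discussed in this thread, as an added example that is not part of any post above: a Python check of which syslog.conf destinations would receive kern.info messages. It models only the classic sysklogd selector syntax; the sample configuration and the file names /var/log/firewall.log and /var/log/kdebug are constructed.

```python
# Added example (not from the thread). Models classic sysklogd selectors:
# fac[,fac].prio, '*' wildcards, 'none', '=' (exact) and '!' (negate).
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def selector_verdict(selector, facility, level):
    """True = log it, False = suppress it, None = selector leaves it unchanged."""
    facs, _, prio = selector.rpartition(".")
    if not {"*", facility} & set(facs.split(",")):
        return None                      # selector is about another facility
    if prio == "none":
        return False
    negate = prio.startswith("!")
    prio = prio.lstrip("!")
    exact = prio.startswith("=")
    prio = prio.lstrip("=")
    if prio == "*":
        hit = True
    elif prio not in LEVELS:
        return None                      # unknown priority name: ignore it
    elif exact:
        hit = level == prio
    else:
        hit = LEVELS.index(level) >= LEVELS.index(prio)   # "prio and above"
    return (not negate) if hit else None

def destinations(conf_text, facility="kern", level="info"):
    """Return the actions (files, ttys) that would receive facility.level."""
    found = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue                     # blank, comment, or malformed line
        decision = False
        for selector in parts[0].split(";"):   # later selectors override earlier
            verdict = selector_verdict(selector, facility, level)
            decision = decision if verdict is None else verdict
        if decision:
            found.append(parts[1].strip().lstrip("-"))   # '-' = unsynced write
    return found

# Constructed sample; file names other than /dev/tty12 are hypothetical.
SAMPLE = """\
#kern.* /dev/console
*.info;mail.none;authpriv.none\t/var/log/messages
kern.info\t\t/var/log/firewall.log
kern.info;kern.!warning\t/dev/tty12
kern.=debug\t\t/var/log/kdebug
"""
if __name__ == "__main__":
    print(destinations(SAMPLE))
```

An empty result for kern.info means the firewall's log lines are not being written anywhere, which is the first thing to rule out before grepping a log file for them.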

