LinuxQuestions.org
02-25-2002, 02:18 PM   #1
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

firewall logs


Where can I go see my firewall logs? When I reboot, I see messages, but when the login prompt comes in it clears the screen, and when I go to /var/log/messages only the boot-up sequence is shown, not anything regarding my rc.firewall messages.

 
02-26-2002, 05:26 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,543
Blog Entries: 54

ipchains and iptables use syslog's "kern" facility, usually at the "info" level.
In your /etc/syslog.conf there should be a line, for instance like this:
kern.info /var/log/<filename>
Just make sure you define logging rules for iptables, or add "-l" in ipchains rules.
 
02-26-2002, 08:18 PM   #3
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Original Poster
Post my file

This is what I have in my file:

# Logging much else clutters up the screen.
#kern.* /dev/console

Should I change it to this:

# Logging much else clutters up the screen.
kern.* /var/log/messages


?

Please let me know.

Last edited by jimval7; 02-26-2002 at 08:24 PM.
 
02-27-2002, 02:20 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,543
Blog Entries: 54

Try to use the level, the stuff after the dot, as a way to filter things to console/log; you definitely want to see some stuff on your console (man syslog).
Now if you would add another entry for kern.info, only messages from the kernel at informational level would be in a file, and then you only have to grep for "Packet log" lines for ipchains, or the custom line you added to your iptables log rules.

#You have several options like
kern.info<tab><tab>/var/log/some.logfile
# or if you don't care scrubbing for more
*.info<tab><tab>/var/log/another.logfile
#and still be able to also do
kern.info<tab><tab>/dev/tty12

Don't forget to restart syslogd after making changes.
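
The grep step described in post #4, as an added example that is not part of the thread: it picks the iptables LOG entries out of the kern.info file by their log prefix and counts them per source, protocol and destination port. The prefix "FW-DROP: ", the function names and the sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: summarise iptables LOG entries found in the kern.info log file.
# PREFIX is an assumed value; it must equal the --log-prefix of your own rule, e.g.
#   iptables -A INPUT -j LOG --log-level info --log-prefix "FW-DROP: "
PREFIX="FW-DROP: "

# Constructed sample of what syslogd would write (documentation address ranges).
sample_log() {
cat <<'EOF'
Feb 27 02:30:01 gw kernel: eth0: link up, 100Mbps, full-duplex
Feb 27 02:31:10 gw kernel: FW-DROP: IN=eth0 OUT= MAC=00:10:5a:00:00:01:00:10:5a:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=40211 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 27 02:31:13 gw kernel: FW-DROP: IN=eth0 OUT= MAC=00:10:5a:00:00:01:00:10:5a:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4412 DF PROTO=TCP SPT=40211 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 27 02:31:19 gw kernel: FW-DROP: IN=eth0 OUT= MAC=00:10:5a:00:00:01:00:10:5a:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4413 DF PROTO=TCP SPT=40211 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 27 02:40:02 gw kernel: FW-DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:5a:00:00:03:08:00 SRC=192.0.2.77 DST=198.51.100.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=901 PROTO=UDP SPT=137 DPT=137 LEN=58
Feb 27 02:41:30 gw kernel: FW-DROP: IN=eth0 OUT= MAC=00:10:5a:00:00:01:00:10:5a:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7000 SEQ=1
EOF
}

# fw_summary [prefix]: read syslog lines on stdin, print "count src proto dpt",
# most frequent first. Lines without the prefix (other kernel messages) are skipped;
# entries with no destination port (ICMP) get "-" in the port column.
fw_summary() {
    awk -v prefix="${1:-$PREFIX}" '
        index($0, "kernel: " prefix) == 0 { next }
        {
            src = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            seen[src " " proto " " dpt]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real box: fw_summary < /var/log/some.logfile
sample_log | fw_summary
```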
 
  

