Old 06-05-2002, 01:58 AM   #1
silentwisdom
LQ Newbie
 
Registered: Jun 2002
Location: Belgium
Distribution: RedHat, DeBian
Posts: 11

Rep: Reputation: 0
iptables log question


In my iptables script I have written a log option on all forwarded traffic, but I'm curious where the hell that log is written, because I can't find it.
The rule I wrote is:

$IPTABLES -A Forward -j LOG

The other parts of my script are working fine, but for safety I want the forward rule to be logged.
Can someone tell me where those logs are or what I'm doing wrong?



GREETZZ

Silentwisdom
 
Old 06-05-2002, 03:26 AM   #2
Noerr
Member
 
Registered: May 2002
Location: Dalec, HU
Distribution: Redhat 7.3
Posts: 696

Rep: Reputation: 30
It is supposed to be written in syslog.
You may specify --log-prefix "IPTABLES log:"

You'll be able to find it easily.
 
Old 06-05-2002, 03:27 AM   #3
Noerr
Member
 
Registered: May 2002
Location: Dalec, HU
Distribution: Redhat 7.3
Posts: 696

Rep: Reputation: 30
Ohh,
I forgot:
you need to check /etc/syslog.conf to make sure that kernel logging is turned on.

regards
 
Old 06-05-2002, 08:30 AM   #4
silentwisdom
LQ Newbie
 
Registered: Jun 2002
Location: Belgium
Distribution: RedHat, DeBian
Posts: 11

Original Poster
Rep: Reputation: 0
Is this the line for kernel logging?
Because it was commented out.
It was
#*.kern /dev/console

I made it
*.kern /var/log/messages
Is the traffic now logged into messages in the /var/log directory?

GREEEETZZZZZZZ
Silentwisdom
 
Old 06-05-2002, 08:31 AM   #5
silentwisdom
LQ Newbie
 
Registered: Jun 2002
Location: Belgium
Distribution: RedHat, DeBian
Posts: 11

Original Poster
Rep: Reputation: 0
Made a mistake in the post.
It must be
kern.*
instead of
*.kern
 
Old 06-05-2002, 08:42 AM   #6
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
No, that is not it. You need to add a line to the syslog.conf file that reads something like this:

kern.warn /var/log/messages

You also need to be sure that the logging statement is high enough in the chain that it actually gets executed. For instance, if you drop all forwarded packets before this statement, the logging is never done.
 
Old 06-05-2002, 08:54 AM   #7
silentwisdom
LQ Newbie
 
Registered: Jun 2002
Location: Belgium
Distribution: RedHat, DeBian
Posts: 11

Original Poster
Rep: Reputation: 0
Now I've put my log rule before the declaration of my default policy in the chain.
And I've changed my syslog.conf file.
But I still get nothing in my messages.

:-(
 
Old 06-05-2002, 04:08 PM   #8
Noerr
Member
 
Registered: May 2002
Location: Dalec, HU
Distribution: Redhat 7.3
Posts: 696

Rep: Reputation: 30
1.) Restart syslog.
Modify the line in syslog like this:
*.info;mail.none;authpriv.none;cron.none;kern.* /var/log/messages

and it will work fine.
But you might have the log statement in the wrong place, like TruckStuff suggested.
Read the www.iptables.com howtos.
 
Old 06-06-2002, 11:43 AM   #9
silentwisdom
LQ Newbie
 
Registered: Jun 2002
Location: Belgium
Distribution: RedHat, DeBian
Posts: 11

Original Poster
Rep: Reputation: 0
I still don't get it working. Where must I put the log statement?
Before the default policy or after it?
I had it working once but my logs got too big so I killed it.
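
An added example, not part of the original thread: a simplified Python model of how a sysklogd-style syslog.conf selector decides whether an iptables LOG message (facility kern, default level warning) reaches a file, run over the selector lines posted above. The model is an assumption-laden simplification (no `!` prefix, unknown priority names simply have no effect), and every file name other than /var/log/messages is constructed.

```python
# Simplified model of sysklogd-style selectors ("!" negation is not handled).
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def selector_effect(selector, facility, priority):
    """True: selects the message, False: excludes it ("none"), None: no effect."""
    fac_part, _, prio_part = selector.partition(".")
    facilities = fac_part.split(",")
    if "*" not in facilities and facility not in facilities:
        return None
    if prio_part == "none":
        return False
    if prio_part == "*":
        return True
    exact = prio_part.startswith("=")
    name = ALIASES.get(prio_part.lstrip("="), prio_part.lstrip("="))
    if name not in PRIORITIES:
        return None  # e.g. "*.kern": "kern" is a facility, not a priority
    have, want = PRIORITIES.index(priority), PRIORITIES.index(name)
    matched = have == want if exact else have >= want
    return True if matched else None

def destinations(conf_text, facility="kern", priority="warning"):
    """Actions that receive the message; the defaults model an iptables LOG line."""
    hits = []
    for line in conf_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue  # blank, malformed or commented-out line
        logged = False
        for selector in fields[0].split(";"):  # later selectors can override
            effect = selector_effect(selector, facility, priority)
            if effect is not None:
                logged = effect
        if logged:
            hits.append(fields[1].strip().lstrip("-"))
    return hits

# Constructed syslog.conf built from the selectors quoted in the thread.
SAMPLE = """\
#*.kern /dev/console
*.kern /var/log/wrong-order
kern.warn /var/log/kern-warn
kern.err /var/log/kern-err
*.info;mail.none;authpriv.none;cron.none;kern.* /var/log/messages
*.info;kern.none /var/log/no-kernel
"""
if __name__ == "__main__":
    print(destinations(SAMPLE))
```

In this model a plain `*.info` selector already covers kern.warning, so a line that never receives the LOG output points at something else: syslogd not restarted, a `kern.none` exclusion, or a rule that is never reached in the chain.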
 
  

