In this example, we will create a new logfile within the /var/log directory called iptables, so that firewall messages are kept apart from the rest of the kernel log.
Make a backup of /etc/syslog.conf before making any changes to it:
# cp /etc/syslog.conf /etc/syslog.conf.bak
Edit /etc/syslog.conf with an editor such as vi and add the following lines (the selector and the logfile path are separated by a tab):
# iptables log
kern.warning	/var/log/iptables
Make sure the iptables rule is logging at a level that the selector above matches (kern.warning catches messages at warning priority and anything more severe).
This can be done by using the --log-level switch. The default log-level is warning.
This example will log ssh attempts:
# iptables -I INPUT -p tcp --dport 22 -j LOG --log-level 4
Log levels can be found using the command:
$ man syslog.conf
Log levels:
0 emerg or panic
1 alert
2 crit
3 err or error
4 warn or warning
Note: Consider adding a prefix to your iptables rule. This makes it easier to separate the firewall messages from the few other messages that the kernel writes at warning level or above, which land in the same file.
This example will log ping and add the prefix "#### Firewall ####":
# iptables -I INPUT -p icmp --icmp-type ping -j LOG --log-prefix ' #### Firewall #### '
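Once /var/log/iptables exists, the next thing a practitioner usually wants is to pull the firewall entries back out of it and tally them by source and port. The following Python script is an added example, not part of the original post: it parses lines in the format the kernel LOG target emits (the KEY=VALUE fields such as SRC=, DST=, PROTO=, DPT=), optionally keeps only lines carrying the prefix set with --log-prefix, and summarises hits. The log lines and addresses embedded in it are constructed for illustration; a real run would read /var/log/iptables instead.

```python
import re
from collections import Counter

# Constructed sample of /var/log/iptables: two lines carry the prefix from the
# ping rule, one is the ssh rule without a prefix, one is an unrelated kernel
# message that also arrived via kern.warning. Addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 host kernel:  #### Firewall #### IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Mar  3 10:15:02 host kernel: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40123 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:03 host kernel: usb 1-1: new high-speed USB device number 3 using xhci_hcd
Mar  3 10:15:04 host kernel:  #### Firewall #### IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=2
"""

# Everything after "kernel:" is the message the LOG target produced.
KERNEL_RE = re.compile(r"kernel:\s*(.*)$")
# LOG target fields are upper-case KEY=VALUE tokens; flags like DF or SYN have no '='.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_iptables_log(text, prefix=None):
    """Return a list of dicts, one per LOG-target line.

    If prefix is given, only messages beginning with that prefix (surrounding
    whitespace ignored, since --log-prefix values are often padded) are kept.
    Note that ID= appears twice on ICMP lines (IP ID and ICMP ID); the last
    occurrence wins in the dict.
    """
    records = []
    for line in text.splitlines():
        m = KERNEL_RE.search(line)
        if not m:
            continue
        msg = m.group(1).strip()
        if prefix is not None and not msg.startswith(prefix.strip()):
            continue
        fields = dict(FIELD_RE.findall(msg))
        # Lines without SRC/PROTO are ordinary kernel messages, not LOG output.
        if "SRC" not in fields or "PROTO" not in fields:
            continue
        records.append(fields)
    return records


def summarize(records):
    """Count hits per (source address, protocol, destination port)."""
    counts = Counter()
    for r in records:
        counts[(r["SRC"], r["PROTO"], r.get("DPT", "-"))] += 1
    return counts


if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("/var/log/iptables").read() on a real host.
    all_hits = parse_iptables_log(SAMPLE_LOG)
    ping_hits = parse_iptables_log(SAMPLE_LOG, prefix=" #### Firewall #### ")
    print("all LOG lines:", len(all_hits), "prefixed lines:", len(ping_hits))
    for (src, proto, dport), n in summarize(all_hits).most_common():
        print(f"{src:16} {proto:5} dport={dport:5} hits={n}")
```

Filtering on the prefix is what makes the separate logfile pay off: the USB message in the sample reaches /var/log/iptables through the same kern.warning selector, and only the prefix (or the presence of SRC=/PROTO= fields) tells it apart from firewall output.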