Comments on: Force iptables to log messages to a different log file

By: awoms

awoms — Thu, 05 Jan 2012 15:18:45 +0000

Everything is working great, thank you.

How do I set up the new /var/log/iptables.log file to archive/create new files when it grows to a certain size?…

By: Akash

Akash — Sat, 19 Nov 2011 11:49:00 +0000

It help me to clear.. LOG basics concept
Thanks

By: Aly

Aly — Wed, 16 Jun 2010 15:45:26 +0000

I know this is an old post, but thanks this worked perfectly.

By: jamie

jamie — Sun, 02 May 2010 09:08:22 +0000

looks like in ubuntu 10.04, the file is now at /etc/rsyslog.d/50-default.conf

at least i think it is.

By: Roberto_Dominicano

Roberto_Dominicano — Thu, 28 Jan 2010 16:31:10 +0000

Sound interesting.
But I have a question? And if I would like to filtering mac address limiting the upload and download for any particular mac address?
How I can do that?

Thanks

By: Paul G

Paul G — Wed, 23 Dec 2009 20:47:47 +0000

In order to filter firewall logs from /var/log/messages use the below (in previous examples, “=” (equal sign) was used, but it is not working on RHEL for example.

kern.warning /var/log/iptables.log
*.info;kern.!warning;mail.none;authpriv.none;cron.none /var/log/messages

By: Al B..

Al B.. — Tue, 15 Dec 2009 19:58:10 +0000

for ubuntu 9.10 users edit /etc/rsyslog.d/50-default.conf and dont forget to remove *.=warn part otherwise it will still write to var/log/messages. If anyone has a better method please suggest..

By: Prem

Prem — Tue, 22 Sep 2009 06:39:42 +0000

Hi ,
I want to know is it possible to log 5 packets for every 2 minutes if it is possible may i know the command.
Thanks in advance…

By: Ammad

Ammad — Sat, 19 Sep 2009 14:50:21 +0000

can i have a iptables logs on web page. i have installed “Iptables log analyzer 0.4 beta” but i think its for suse only and it doesn’t put logs to mysql db as it should do according to documentation.

By: Prem

Prem — Sat, 19 Sep 2009 10:10:56 +0000

Hi
i have configured 2 log files
1.) iptable.log 2.)iptable1.log

i want to write monitor or write log for an ip say 64.55.11.2 in iptable.log and another ip say 202.20.10.80 in iptable1.log is that possible and how to do this?. Thanks in advance…

By: Ammad

Ammad — Fri, 04 Sep 2009 09:50:47 +0000

HI,
its cool, but for addition how do i get hostnames/FQDN of local nodes instead of IP address. i have dns on firewall system for all dynamic dhcp nodes. since logs are useful to get history of nodes, and all nodes are getting ip from dhcp. and this registers ip address to dns server.

thanks.

By: ds

ds — Sun, 02 Aug 2009 11:44:11 +0000

Thanks for this clear guide

By: dejf

dejf — Mon, 20 Jul 2009 20:20:49 +0000

This is just absurd. Loglevel is not meant to differe services, you should use filters or facility instead, syslog-ng makes things a bit easier.

By: kris

kris — Thu, 16 Jul 2009 10:44:52 +0000

Or you can use ulog.
Install ulogd (in ubuntu: sudo apt-get install ulogd)

If you use fwbuilder to configure your firewall then it’s simple.
In fwbuilder, double click on your firewall –> Firewall Settings –> Logging –> use ULOG

then compile and reinstall the policy and that’s it.
The logs from iptables will be in /var/log/ulog/syslogemu.log

By: Marshall

Marshall — Thu, 11 Jun 2009 20:25:46 +0000

Tawfiq: You can disable the console logging by commenting out this line in your syslog.conf

#kern.* /dev/console

By: Tawfiq

Tawfiq — Mon, 18 May 2009 05:59:39 +0000

sorry, it itself created the file (iptables.log)
but it also kept dumping on the active konsole.
any idea?

By: Tawfiq

Tawfiq — Mon, 18 May 2009 05:55:03 +0000

Don’t know if you guys had it, but i added that line is syslog.conf . then restarted it.
added those lines in iptables then restarted it.
the iptables log starts dumping on the active console.
I had to log in rescue mode and undo the stuffs.
may be cause i didn’t have the file /var/log/iptables ?
later today, i will try touch the file and redo the whole thing.

any alternate suggestions?

By: pedro

pedro — Sun, 22 Mar 2009 04:23:29 +0000

Mario:

don’t need to mock Paul like that… I feel for him and his frustration in getting “there” as well as I do for myself many times.
Routines are there for something, we all hope that it is to make your life easier… but if in order to put the routines at your service you have to put yourself in the shoes of the programmer all the time (for the same ammount of time) then there is no point… and it really gets to you… Its indeed a proper critic in the linux scene.
Now, we don’t need to immediately go to the other side of fence, even the best intended, most researchful guy out there gets some scratches jumping the fence.
Neither autoshit from MS nor ultimate control from some pseudo-eleet.
Linux diversity lacks in sinthesys!

Respect kid.

By: jon

jon — Mon, 23 Feb 2009 22:11:18 +0000

in general, this worked fine for me, even though i used the log-levels names instead of numbers.
after i had everything set-up, the settings didnt seem to have any effect until i noticed i had
to explicitly restart the kernel log daemon (/etc/init.d/klogd restart). i dont know if this is true for any other distributions than debian, which i’m running.
a nice documentation of the predefined iptables targets, such as LOG, can be found here:
http://www.faqs.org/docs/iptables/targets.html
under 6.5.4. LOG target, the topic discussed here is also explained another time for the –log-level option

By: kaxa

kaxa — Tue, 26 Aug 2008 09:52:23 +0000

10x Vivek Gite