Linux firewall, iptables has the capability to log network activity to the syslog system. This is very useful to detect problems as well as to generate reports of network activity. You can also use this to detect all intrusion detection or unwanted incoming/outgoing connections etc.
LOG module
To enable logging option you need to use LOG iptables/kernel module. It turn on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print some information on all matching packets (like most IP header fields) via the kernel log.
For example, drop all connection coming from hacker/cracker IP address 202.54.10.202 and log them to syslog:
iptables -A INPUT -s 202.54.10.202 -m limit –limit 5/m –limit-burst 7 -j LOG –log-prefix ‘** FW-DROP-HACKER **’
iptables -A INPUT -s 202.54.10.202 -j DROP
Firewall rules are checked in a sequential manner So first you logged message with first rule and second rule drops the connection.
Where,
- -m limit –limit 5/m: This will prevent excessive log data to /var/log/message file from being granted. The limit specified is 5/minute (it is maximum average matching rate). And a burst rate of 7 is specified (it is maximum initial number of packets to match).
- –log-prefix ‘** FW-DROP-HACKER **’: This is nothing but log prefix to dropped rule. Useful to search using grep command:
# grep ‘** FW-DROP-HACKER **’ /var/log/message
LOG module supports other options, read man page of iptables for more information.
🐧 1 comment so far... add one ↓
Force iptables to log messages to a different log file
Shell scripting: Write message to a syslog / log file
Linux Iptables Firewall: Log IP or TCP Packet Header
Things I can do in Linux that I can't do on…
Coolest thing you can do using Linux that you…
PHP Log All Errors to a Log File to Get Detailed Information
FreeBSD setup Internet connections sharing with NAT firewall
Firewall Builder: Generate The Web Server Firewall…
| Category | List of Unix and Linux commands |
|---|---|
| Disk space analyzers | ncdu • pydf |
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | NetHogs • dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Great information!