On Tue, 09.11.2004 at 1:47, Jorge Fábregas wrote:

> > You need to configure the syslog daemon in /etc/syslog.conf to log your
> > desired kern.* priority into a specific log file under /var/log.
> > iptables itself does not log.
>
> ...but nothing is going to be logged unless you append to your netfilter
> rules, for example:
>
> -j LOG --log-level debug
>
> and then you would find the netfilter log in the line you specified in
> syslog.conf. In the above example, you were specifying severity: debug. Thus,
> you'll need to make sure the log file you want is covered by kern.debug.
>
> HTH,
> Jorge

Yes Jorge, thank you. Within the iptables rulesets you will have to specify which cases shall be logged and at which severity (corresponding to the setting for the syslog). As an example:

[0:0] -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 10/min -j LOG --log-prefix "detected SYN/FIN SCAN: " --log-level 7 --log-tcp-options --log-ip-options
[0:0] -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP

The first rule is for logging, the second for dropping the packets of the specified case. This way you can set up what to log. Avoid logging everything, or your drive will quickly be filled with a large log file.

Alexander

--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.8-1.521smp
Serendipity 02:08:16 up 19 days, 23:47, load average: 0.48, 0.47, 0.52
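Added example, not part of the original messages: a small Python parser that picks the entries carrying the "detected SYN/FIN SCAN: " prefix from the rule above out of a kernel log file and tallies them per source address and destination port. The sample log lines, host name and addresses are constructed, and the KEY=value field layout is assumed to be the usual output of the netfilter LOG target.

```python
import re
from collections import Counter

# Prefix taken from the --log-prefix in the rule quoted in the message.
PREFIX = "detected SYN/FIN SCAN: "
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample of the file that kern.debug is routed to in syslog.conf;
# addresses are documentation ranges, the last line is deliberately truncated.
SAMPLE_LOG = """\
Nov  9 02:10:01 gw kernel: detected SYN/FIN SCAN: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1234 PROTO=TCP SPT=4321 DPT=22 WINDOW=1024 RES=0x00 SYN FIN URGP=0
Nov  9 02:10:02 gw kernel: detected SYN/FIN SCAN: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1235 PROTO=TCP SPT=4322 DPT=80 WINDOW=1024 RES=0x00 SYN FIN URGP=0
Nov  9 02:10:07 gw kernel: usb 1-1: new full speed USB device using address 2
Nov  9 02:11:30 gw kernel: detected SYN/FIN SCAN: IN=ppp0 OUT= MAC= SRC=203.0.113.77 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=77 PROTO=TCP SPT=50000 DPT=22 WINDOW=512 RES=0x00 SYN FIN URGP=0
Nov  9 02:11:31 gw kernel: detected SYN/FIN SCAN: IN=ppp0 OUT= MAC= SRC=
"""

def parse_line(line):
    """Return a dict of LOG fields for a line with our prefix, else None."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields = dict(FIELD_RE.findall(rest))
    # Bare flag names after RES= are the TCP flags set in the packet.
    fields["FLAGS"] = sorted(t for t in rest.split() if t in TCP_FLAGS)
    return fields

def summarize(text):
    """Count matching entries per source and collect the ports they hit."""
    hits, ports = Counter(), {}
    for line in text.splitlines():
        f = parse_line(line)
        # Skip other kernel messages and truncated entries without SRC/DPT.
        if not f or not f.get("SRC") or not f.get("DPT", "").isdigit():
            continue
        hits[f["SRC"]] += 1
        ports.setdefault(f["SRC"], set()).add(int(f["DPT"]))
    return hits, ports

if __name__ == "__main__":
    hits, ports = summarize(SAMPLE_LOG)
    for src, n in hits.most_common():
        print(f"{src}: {n} logged packets, ports {sorted(ports[src])}")
```

Because the LOG rule is rate-limited with --limit 10/min while the DROP rule is not, the counts are a lower bound on the packets actually dropped.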