要讓 iptables 留下 log ...可以這樣做~~
Iptables default log file
For example, if you type the following command, it will display current iptables log from /var/log/messages file:
預設log會到/var/log/messages,如果要改到其他目錄 syslog.conf 該如何設定 ?
Procedure to log the iptables messages to a different log file
Open your /etc/syslog.conf file:
QUOTE:
# vi /etc/syslog.conf
Append following line
QUOTE:
kern.warning /var/log/iptables.log
Save and close the file.
Restart the syslog
QUOTE:
service syslog restart
在Firewall 設定加上
QUOTE:
iptables -A FORWARD -p tcp -j LOG --log-prefix '** HACKERS **' --log-level 4
Where,
- --log-level 4: Level of logging. The level # 4 is for warning.
- --log-prefix '*** TEXT ***': Prefix log messages with the specified prefix (TEXT); up to 29 letters long, and useful for distinguishing messages in the logs.
You can now see all iptables message logged to /var/log/iptables.log file:
QUOTE:
# tail -f /var/log/iptables.log