If I want to do some logging by ipchains all the data is written to
I think if I configure the syslog.conf file, I can direct it to
If this is possible, what do I have to write into the file?
> If I want to do some logging by ipchains all the data is written to
> I think if I configure the syslog.conf file, I can direct it to
> If this is possible, what do I have to write into the file?
Thomas Knop wrote:
I had a look at 'man ipchains', but there is no comment about a facility. It just says
> You must figure out how to change the 'facility' under which ipchains writes to syslog.
> I am of the opinion you will find this in "man iptables" (can't check for it here).
> Then you have to write a new syslog rule. You will find this in "man syslog".
I'm looking for a way to log everything hitting my firewall (accepted, denied
and rejected packets), but I can't figure out how to do this. I've been
playing around with ipchains and I am able to log specific rules, but I can't
seem to log the actions of a default policy. For example:
ipchains -P input DENY
ipchains -A input -i eth0 -p tcp -s 0.0.0.0/0 -d 18.104.22.168/32 80 -l -j ACCEPT
Let's say these are the firewall rules I'm using. If someone tries to connect
to the firewall (22.214.171.124/eth0) from the internet, via the web (port 80), they
are able to do so and the connection is logged as accepted, hence the '-l'
switch. But, if someone from the net tries to connect using ftp, they are
denied access (as per the default input policy) but this transaction does not
seem to make it into my system logs. How can I log traffic that is being
filtered by a default policy in ipchains? Can I use ipchains to do
firewall logging, or is there a better solution?
I'm using Red Hat 5.2 with kernel 2.2.3 which is configured to run as a
firewall. I've been reading howto papers all day, but I can't seem to find
anything that specifically deals with firewall logging.
Any info or suggestions would be very much appreciated!
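An added example, not written by any poster in this thread, covering both questions above: a chain policy has no log switch of its own, so fall-through traffic is logged by a final catch-all rule carrying '-l', and the kernel-facility messages are routed to their own file in syslog.conf. The address in WEB_IP and the file name /var/log/firewall are constructed placeholders, and the script only prints the commands unless IPCHAINS is set.

```shell
#!/bin/sh
# Added example (constructed). Dry run by default: commands are printed, not
# executed. Set IPCHAINS=/sbin/ipchains to apply them on a 2.2 kernel.
IPCHAINS=${IPCHAINS:-echo ipchains}
WEB_IP=${WEB_IP:-192.0.2.10}   # constructed placeholder address

# Rule set from the post plus a logging catch-all as the LAST input rule.
# Packets that would otherwise fall through to the policy are matched and
# logged by that final rule first.
fw_rules() {
    $IPCHAINS -F input
    $IPCHAINS -P input DENY
    $IPCHAINS -A input -i eth0 -p tcp -s 0.0.0.0/0 -d "$WEB_IP/32" 80 -l -j ACCEPT
    $IPCHAINS -A input -l -j DENY
}

# syslog.conf entry: ipchains logs through the kernel log (facility kern,
# priority info), so this file also receives other kernel messages at
# info and above. Selector and action are separated by a tab.
syslog_line() {
    printf 'kern.info\t/var/log/firewall\n'
}

# Check: succeed only if the last rule appended to chain $1 in the rule
# listing on stdin is an unconditional "-l -j DENY" or "-l -j REJECT".
catchall_is_last() {
    last=$(grep -- "-A $1 " | tail -n 1)
    case "$last" in
        *"-A $1 -l -j DENY"|*"-A $1 -l -j REJECT") return 0 ;;
        *) return 1 ;;
    esac
}

fw_rules | catchall_is_last input && echo "input chain: fall-through traffic is logged"
```

After adding the line to /etc/syslog.conf, syslogd has to reread its configuration (for example on SIGHUP) before the new file is used.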