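Enabling a separate iptables log on Linux
Source: Internet  Published by: 伊甸园eden知乎  Editor: 程序博客网  Date: 2024/06/03 16:43
The system logging service is called syslog on CentOS 5 and rsyslog (an enhanced syslog) on CentOS 6. The configuration file is /etc/syslog.conf on CentOS 5 and /etc/rsyslog.conf on CentOS 6.
1. Add the configuration to rsyslog.conf
In /etc/rsyslog.conf, add a line for the log level you want (the default level is warn (=4)):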
kern.warning /var/log/iptables.log
kern.debug /var/log/iptables.log
kern.info /var/log/iptables.log
However, recording all log levels is recommended: kern.* /var/log/iptables.log
Restart the logging service to apply the configuration: /etc/init.d/rsyslog restart
# Generated by iptables-save v1.4.7 on Sun Dec 11 10:41:47 2016
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28:2640]
:LOGGING - [0:0]
#-A INPUT -j LOGGING
-A INPUT -j LOG --log-prefix "iptables"
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m iprange --src-range 10.64.24.11-10.64.24.16 --dst-range 10.64.24.11-10.64.24.16 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 82 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
# Completed on Sun Dec 11 10:41:47 2016
How to Log Linux IPTables Firewall Dropped Packets to a Log File
To log both the incoming and outgoing dropped packets, add the following lines at the bottom of your existing iptables firewall rules.
How to read the IPTables Log
The following is a sample of the lines that were logged in /var/log/messages when incoming and outgoing packets were dropped.
In the above output:
IPTables-Dropped: This is the prefix that we used in our logging by specifying the --log-prefix option
IN=em1 This indicates the interface that was used for incoming packets. This will be empty for outgoing packets.
OUT=em1 This indicates the interface that was used for outgoing packets. This will be empty for incoming packets.
SRC= The source IP address from which the packet originated
DST= The destination IP address to which the packet was sent
LEN= Length of the packet
PROTO= Indicates the protocol (as you see above, the 1st line is for outgoing ICMP protocol, the 2nd line is for incoming TCP protocol)
SPT= Indicates the source port
DPT= Indicates the destination port. In the 2nd line above, the destination port is 443. This indicates that incoming HTTPS packets were dropped
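The field list above, turned into a small parser and drop summary. This is an added example, not code from the original page: the log lines are constructed samples (hostname, addresses and values are made up), and only the "IPTables-Dropped: " prefix and the field names come from the text.

```python
import re
from collections import Counter

PREFIX = "IPTables-Dropped: "  # the --log-prefix value described above

# Constructed sample lines (hostname and documentation-range IPs are made up).
SAMPLE_LOG = """\
Aug  4 13:22:40 host1 kernel: IPTables-Dropped: IN= OUT=em1 SRC=192.0.2.10 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=59228 SEQ=2
Aug  4 13:23:00 host1 kernel: IPTables-Dropped: IN=em1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=9434 DF PROTO=TCP SPT=58428 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Aug  4 13:23:01 host1 kernel: device em1 entered promiscuous mode
Aug  4 13:23:07 host1 kernel: IPTables-Dropped: IN=em1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1201 DF PROTO=TCP SPT=40112 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value; value may be empty


def parse_line(line, prefix=PREFIX):
    """Return the LOG fields of one line as a dict, or None without the prefix."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(rest):
        fields.setdefault(key, value)  # keep the first ID= (IP header); ICMP repeats it
    for key in ("LEN", "SPT", "DPT"):
        if fields.get(key, "").isdigit():
            fields[key] = int(fields[key])
    # Empty IN= means an outgoing packet, empty OUT= an incoming one.
    if fields.get("IN") and fields.get("OUT"):
        fields["DIRECTION"] = "forward"
    else:
        fields["DIRECTION"] = "in" if fields.get("IN") else "out"
    return fields


def summarize(log_text):
    """Count dropped packets per (direction, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is not None:
            counts[(fields["DIRECTION"], fields.get("PROTO"), fields.get("DPT"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, key)
```

To run it against a real log, pass the contents of the log file to summarize() and set PREFIX to the exact string given to --log-prefix.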