注册
个人空间
Iptables default log file (都是常用单词,就不译了吧)
For example, if you type the following command, it will display current iptables log from /var/log/messages file:
引用:# tail -f /var/log/messages
Output:
引用:
Oct 4 00:44:28 debian gconfd (vivek-4435): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Oct 4 01:14:19 debian kernel: IN=ra0 OUT= MAC=00:17:9a:0a:f6:44:00:08:5c:00:00:01:08:00 SRC=http://www.chinaunix.net/jh/29/200.142.84.36 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=18374 DF PROTO=TCP SPT=46040 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 4 00:13:55 debian kernel: IN=ra0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:18:de:55:0a:56:08:00 SRC=http://www.chinaunix.net/jh/29/192.168.1.30 DST=192.168.1.255LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=13461 PROTO=UDP SPT=137 DPT=137 LEN=58
Procedure to log the iptables messages to a different log file
Open your /etc/syslog.conf file:
引用:# vi /etc/syslog.conf
Append following line
引用:
kern.warning /var/log/iptables.log
Save and close the file.
Restart the syslogd (Debian / Ubuntu Linux):
引用:# /etc/init.d/sysklogd restartOn the other hand, use following command to restart syslogd under Red Hat/Cent OS/Fedora Core Linux:# /etc/init.d/syslog restart
Now make sure you pass the log-level 4 option with log-prefix to iptables. For example:
引用:# DROP everything and Log it
iptables -A INPUT -j LOG –log-level 4
iptables -A INPUT -j DROP
For example, drop and log all connections from IP address 64.55.11.2 to your /var/log/iptables.log file:
引用:
iptables -A INPUT -s 64.55.11.2 -m limit --limit 5/m --limit-burst 7 -j LOG –log-prefix ‘** HACKERS **’ --log-level 4
iptables -A INPUT -s 64.55.11.2 -j DROP
Where,
* –log-level 4: Level of logging. The level # 4 is for warning.
| 论坛热门帖子: | [lch203] 写得蛮好的linux学习笔记(10-21) [黑马制造] 学习java的30个目标(10-19) [笑傲股林] 做测试半年了,有点迷茫,应该再学些什么提高自己的测试水平和测试能力呢?(10-19) [udp8589] 大家用google的来吱一声? 用百度的~~也来报道下?(10-18) [沂偌掳兆] 本人总结的一些认为C++比较经典的书籍,希望对大家有用(10-18) |
| TAG标签: | 其它 文件 输出 格式 日志 定义 引用 0x00TTL 0x00PREC |
