2025-09-24 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article explains how to manage the logs of the iptables firewall on Linux. The method described here is simple, fast and practical.
iptables logs are recorded and managed by syslogd. By default they are stored in /var/log/messages and are rotated automatically. However, because they are mixed in with everything else in messages, they are inconvenient to manage and monitor. Here I briefly describe my experience with managing and rotating my iptables logs and automatically generating reports from them:
Because iptables is a function of the Linux kernel itself, its messages are output through dmesg or handled by syslogd under the kernel facility. The default level of the iptables log is [warn (=4)], so syslog.conf needs to be modified:
kern.=warn /var/log/kern-warn-log ← the file name is up to you
Here the facility is [kern] and the priority is [warn], so these messages are recorded in /var/log/kern-warn-log.
Setting up log rotation:
Append the following to /etc/logrotate.d/syslog:
/var/log/kern-warn-log {
    # number of rotated files to keep
    rotate 50
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
The initial setting in /etc/logrotate.conf rotates logs once a week. So the current week's log is stored in /var/log/kern-warn-log, and previous logs are stored in sequence in kern-warn-log.1 through kern-warn-log.50.
Another way is to produce the log directly through iptables (generally not used):
# iptables -A INPUT -s 127.0.0.1 -p icmp -j LOG --log-prefix "iptables icmp-localhost" ← logs ICMP packets with source 127.0.0.1
# iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP ← then drops those packets
With these rules, the content of /var/log/kern-warn-log will look like this:
Sep 23 10:16:14 hostname kernel: iptables icmp-localhost IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=57148 SEQ=256
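An added example, not from the original article: a Python parser for the LOG line format shown above that counts logged packets per prefix, source address and protocol, as a starting point for the reports mentioned earlier. The sample input is constructed (its first line is the article's own sample; the `iptables ssh-drop` prefix and the 192.0.2.x addresses are assumptions).

```python
import re
from collections import Counter

# syslog header, then the kernel message; the LOG target emits IN= right after the prefix
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) kernel: "
    r"(?P<prefix>.*?)IN=(?P<rest>\S* OUT=.*)$")

# Constructed sample input: line 1 is the sample from the article, the rest are made up
# ("iptables ssh-drop" is a hypothetical --log-prefix; addresses are documentation ranges).
SAMPLE = """\
Sep 23 10:16:14 hostname kernel: iptables icmp-localhost IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=57148 SEQ=256
Sep 23 10:16:15 hostname kernel: iptables icmp-localhost IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=57148 SEQ=512
Sep 23 10:17:02 hostname kernel: eth0: link up
Sep 23 10:17:40 hostname kernel: iptables ssh-drop IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

def parse_line(line):
    """Return a dict for an iptables LOG line, or None for any other kernel message."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"].strip(), "flags": []}
    for tok in ("IN=" + m["rest"]).split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(tok)  # bare tokens such as DF or SYN
        elif key in rec:
            # ID appears twice for ICMP echo: the IP header ID first, then the ICMP ID
            rec[f"{rec.get('PROTO', 'L4')}_{key}"] = val
        else:
            rec[key] = val
    return rec

def report(text):
    """Count logged packets per (prefix, source address, protocol)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            hits[(rec["prefix"], rec.get("SRC", "?"), rec.get("PROTO", "?"))] += 1
    return hits

if __name__ == "__main__":
    for (prefix, src, proto), n in report(SAMPLE).most_common():
        print(f"{n:5d}  {prefix:<28} {src:<15} {proto}")
```

Because the prefix is matched as everything before `IN=`, the parser also works when the --log-prefix string has no trailing space and runs directly into the first field.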