Recently my VPS got hacked and I had to learn iptables to drop all outgoing traffic.
Everything seems to work, yeah, Google is your friend. But there was a problem.
On my Fedora, the iptables dropped-packet logging did not appear in /var/log/messages
nor in /var/log/iptables.log... strange.
Okay, I started to dig into why the log was not showing up. I know I am using rsyslog,
so I came up with this setting:
1. Create a file
# touch /etc/rsyslog.d/iptables.conf
# touch /var/log/iptables.log
2. Insert this into the config file
:msg, startswith, "iptables:" /var/log/iptables.log
& ~
Well, this rule is not working, since the rsyslog format is to add a timestamp
at the beginning of every log line. So I modified it slightly with the "contains" keyword.
:msg, contains, "iptables:" /var/log/iptables.log
& ~
3. Restart the service
# service rsyslog restart
Now I can see all the logs of dropped packets in /var/log/iptables.log
GNU/Linux rocks!
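
An added example, not part of the original post: a shell emulation of the "startswith" and "contains" comparisons from step 2, run over constructed msg values. The timestamp and leading-space forms are assumptions about what rsyslog hands to the filter, and the example goes slightly beyond the post by also counting an unrelated line that "contains" catches and an anchored comparison that skips the timestamp.

```shell
#!/bin/sh
# Constructed sample "msg" values (not captured logs; addresses are
# documentation ranges). Lines 1-3 are firewall drops, line 4 is an
# unrelated message that merely mentions the prefix.
SAMPLES='[ 1042.337812] iptables: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP DPT=25
 iptables: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=UDP DPT=53
iptables: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP DPT=6667
 admin : COMMAND=/usr/bin/grep iptables: /var/log/messages'

# Emulates  :msg, startswith, "<needle>"  (literal match at position 0).
msg_startswith() {
    case "$1" in "$2"*) return 0 ;; *) return 1 ;; esac
}

# Emulates  :msg, contains, "<needle>"  (literal match anywhere).
msg_contains() {
    case "$1" in *"$2"*) return 0 ;; *) return 1 ;; esac
}

# Hypothetical stricter check: drop a leading "[ secs.usecs]" stamp and
# leading blanks, then require the needle at the start of what is left.
msg_anchored() {
    stripped=$(printf '%s\n' "$1" | sed -E 's/^\[ *[0-9]+\.[0-9]+\] *//; s/^ +//')
    msg_startswith "$stripped" "$2"
}

# count_matches <filter-function> <needle>: how many samples the filter selects.
count_matches() {
    n=0
    while IFS= read -r line; do
        if "$1" "$line" "$2"; then
            n=$((n + 1))
        fi
    done <<EOF
$SAMPLES
EOF
    echo "$n"
}

for f in msg_startswith msg_contains msg_anchored; do
    echo "$f: $(count_matches "$f" 'iptables:') of 4 sample lines selected"
done
```

With "contains", the sudo-style line would be written to /var/log/iptables.log and then discarded by "& ~" along with the firewall lines, so it would no longer reach /var/log/messages.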