logging iptables events


Post by burchbri » Sat Jan 16, 2010 8:11 pm

I have written some iptables rules under 2.91.1 (discussed in another post). I have successfully set up remote logging to one of my servers. The logging settings are all "notice", except user events, which are "info".

If I telnet into the router, and issue the following commands:

    logger test message 1               # goes to default of user.notice
    logger -p kern.info test message 2  # goes to user.info, not kernel as requested
    echo test message 3 | logger        # goes to default of user.notice

... they all result in messages on both the router log and my remote server log. So far, so good.

iptables --help shows that v1.2.6a should support the following rule:

    iptables -A INPUT -j LOG --log-level 5 --log-prefix adslRouter

A log level of "notice" was implied to be valid within the help, but I got a syntax error until I coded the absolute numeric value.

I can see from "iptables -n -v -L INPUT" that my new rule is successfully intercepting packets, but NOTHING appears in either the local or the remote syslog.

Any suggestions would be welcome - before I start banging my head against the nearest wall!