Monday, October 3, 2011

Moving Iptables logs to different file

Dear All,
Today I am going to post about iptables logs. I was getting iptables logs in /var/log/messages, which made it difficult to check other messages in /var/log/messages, as iptables generates a huge bulk of logs.


So I decided to move the iptables logs to a different directory. For this we have to make changes in the following configuration file.
1.) /etc/syslog.conf
Append the following line to the above file.
kern.warning                                            /home/log/iptables.log

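Also, as before I was getting all iptables logs in /var/log/messages, some more changes are needed in the syslog.conf file. Change the line below:

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none         /var/log/messages

to:

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# kern.!warning keeps kernel messages of level warning and higher out of this file.
*.info;mail.none;authpriv.none;cron.none;kern.!warning         /var/log/messages

The syslog facility name is kern, not kernel, and the ! prefix is what excludes the messages; a plain kern.warning selector on this line would add those messages to /var/log/messages rather than remove them.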

Now just restart the syslogd daemon.

[root@gateway ~]# /etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]
[root@gateway ~]#



You can now see all iptables messages logged to the /home/log/iptables.log file:

[root@gateway ~]# tailf /home/log/iptables.log
Oct  4 00:33:06 gateway last message repeated 2 times
Oct  4 00:33:06 gateway kernel: IN=eth1 OUT=
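How a selector list decides which files receive a kernel message, as an added example (a simplified model of sysklogd-style matching, not sysklogd's code and not part of the original post). The rule sets are constructed from the two syslog.conf lines discussed above; it assumes selectors apply left to right and that this model rejects unknown names with an error.

```python
# Simplified model of sysklogd-style selector matching (added example,
# not sysklogd's own code). Unknown names raise instead of being logged.
PRI = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FAC = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
       "uucp", "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]

def build_mask(selectors):
    """Map each facility to the set of priorities one selector list accepts."""
    mask = {f: set() for f in FAC}
    for sel in selectors.split(";"):              # selectors apply left to right
        facs, _, pri = sel.strip().rpartition(".")
        negate = pri.startswith("!")              # "!" removes instead of adds
        exact = pri.lstrip("!").startswith("=")   # "=" means this level only
        pri = pri.lstrip("!=")
        if pri in ("none", "*"):
            hit, negate = set(PRI), negate or pri == "none"
        elif pri in PRI:
            # A bare priority means "this level and anything more severe".
            hit = {pri} if exact else set(PRI[:PRI.index(pri) + 1])
        else:
            raise ValueError("unknown priority name: %r" % pri)
        for fac in (FAC if facs == "*" else facs.split(",")):
            if fac not in mask:
                raise ValueError("unknown facility name: %r" % fac)
            mask[fac] = mask[fac] - hit if negate else mask[fac] | hit
    return mask

def destinations(rules, facility, priority):
    """Return every file that receives a message of facility.priority."""
    return [path for sel, path in rules
            if priority in build_mask(sel)[facility]]

# Constructed rule sets mirroring the two lines discussed in the post.
IPTABLES_RULE = ("kern.warning", "/home/log/iptables.log")
BEFORE = [IPTABLES_RULE,
          ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages")]
AFTER = [IPTABLES_RULE,
         ("*.info;mail.none;authpriv.none;cron.none;kern.!warning",
          "/var/log/messages")]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for pri in ("err", "warning", "info"):
            print(name, "kern." + pri, "->", destinations(rules, "kern", pri))
```

Kernel messages below warning (notice, info) still reach /var/log/messages after the change, so only the higher-severity kernel traffic moves to the separate file.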


   !Enjoy Linux
Kuldeep Sharma