IPtables log management tips in Fedora
Reading tips: the logs of the Linux firewall are very helpful for debugging rules. You can see where packets go, which rules process them, and what kinds of packets are handled. The following describes how to use the kernel logging tool to manage IPtables logs. This article is intended for users.
The iptables manual mentions that the LOG target is used to record packet-related information. The packets may be ones considered invalid, or the logging may be used purely for debugging. LOG returns details about the packet, such as most of the IP header and other interesting information. This is done through the kernel logging tool, generally syslogd. The logged information can be read with dmesg, by viewing the syslogd log file directly, or with other programs.
1. Configure the syslogd configuration file /etc/syslog.conf
By default, syslogd writes log information to the file /var/log/messages. This section describes how to create a separate IPtables log file, /var/log/iptables. Modify the syslogd configuration file /etc/syslog.conf to tell syslogd which logging level IPtables uses. For details about the logging levels, see the syslog.conf manual. The levels are generally: debug, info, notice, warning, warn, err, error, crit, alert, emerg, panic. Here error and err, warn and warning, and panic and emerg are synonyms, that is, they play the same role. Note that these three levels are not recommended (because the amount of information is too large). The level indicates the severity of the problem that the logged message reports.
All IPtables LOG information is recorded through the kernel (kern) facility.
First, add the following content to the file /etc/syslog.conf:
# Iptables logging
kern.debug /var/log/iptables
Then specify the debug level in the iptables LOG rules (for example, iptables -I INPUT 1 -j LOG --log-prefix '[IPTABLES DROP LOGS]:' --log-level debug) so that all the information is stored in the file /var/log/iptables.
Restart the syslog service or restart the computer.
I use FC6 and use the service syslog restart command to conveniently start the syslog service.
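A frequent reason /var/log/iptables stays empty is that the level given to --log-level is less severe than the level the syslog.conf selector accepts. The following check is an added example, not part of the original article: it evaluates syslog.conf selectors for the kern facility against a chosen level. The sample configuration is constructed, the function names are hypothetical, and the sysklogd "!" negation syntax is not modelled.

```python
# Added example: which files in a syslog.conf receive kernel messages
# logged at a given level? Lower number = more severe.
LEVELS = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
          "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

def selector_matches(selectors, facility, level):
    """True if a 'fac.prio;fac.prio' selector list accepts facility/level."""
    lvl, hit = LEVELS[level], False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().partition(".")
        if not ({facility, "*"} & set(facs.split(","))):
            continue                          # selector is for another facility
        if prio.startswith("!"):
            continue                          # negation is not modelled here
        if prio == "none":
            hit = False                       # explicit exclusion
        elif prio == "*":
            hit = True
        elif prio.startswith("="):
            hit = hit or LEVELS[prio[1:]] == lvl   # exactly this level
        else:
            hit = hit or lvl <= LEVELS[prio]       # this level or more severe
    return hit

def log_files_for(conf_text, level, facility="kern"):
    """Files named in a syslog.conf text that receive facility/level messages."""
    files = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        selectors, action = parts
        action = action.lstrip("-")           # a leading '-' only disables sync
        if action.startswith("/") and selector_matches(selectors, facility, level):
            files.append(action)
    return files

# Constructed sample configuration (assumption, not taken from a real host).
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
# Iptables logging
kern.debug                                  /var/log/iptables
"""

if __name__ == "__main__":
    for lvl in ("debug", "warning"):
        print(lvl, "->", log_files_for(SAMPLE_CONF, lvl))
```

With this sample, debug-level LOG lines reach only /var/log/iptables, while warning-level lines are also copied into /var/log/messages.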
2. Rotate the IPtables logs
All log files grow rapidly over time and with the number of visits. Therefore, you must clean up log files regularly to avoid wasting disk space. FC6 includes a dedicated log rotation program, logrotate, which can automatically compress, back up, and delete logs. By default, logrotate is added to the system's daily scheduled tasks, so the administrator does not need to handle rotation by hand.
First, check and confirm the logrotate configuration file /etc/logrotate.conf as follows:
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}
# system-specific logs may be also be configured here.
Then add the IPtables log file /var/log/iptables to the syslog log rotation configuration file /etc/logrotate.d/syslog. The details are as follows:
Finally, logrotate is scheduled to run once a day. Make sure the file /etc/cron.daily/logrotate contains the following content:
#!/bin/sh
/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
Now we have created a separate, rotated log for IPtables, which makes it easier to analyze network attack information.
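One way to start that analysis, as an added example that is not part of the original article: parse the lines written with this article's log prefix and count packets and distinct destination ports per source address. The sample lines are constructed and abbreviated, and the function names and the threshold of three ports are assumptions.

```python
# Added example: summarize iptables LOG lines from /var/log/iptables per source.
from collections import defaultdict

PREFIX = "[IPTABLES DROP LOGS]:"  # the --log-prefix used in this article

def parse_line(line):
    """Split one LOG line into KEY=VALUE fields and bare flags (SYN, DF, ...)."""
    _, found, body = line.partition(PREFIX)
    if not found:
        return None                       # not written by our LOG rule
    fields, flags = {}, []
    for tok in body.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields.setdefault(key, val)   # keep the first value seen for a key
        else:
            flags.append(tok)
    fields["FLAGS"] = flags
    return fields

def summarize(lines, port_threshold=3):
    """Count packets and distinct destination ports per source address."""
    seen = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in lines:
        f = parse_line(line)
        if not f or "SRC" not in f:
            continue
        seen[f["SRC"]]["packets"] += 1
        if "DPT" in f:
            seen[f["SRC"]]["ports"].add((f.get("PROTO", "?"), int(f["DPT"])))
    return {src: {"packets": s["packets"], "ports": sorted(s["ports"]),
                  "many_ports": len(s["ports"]) >= port_threshold}
            for src, s in seen.items()}

# Constructed sample lines (documentation address ranges), not real traffic.
HDR = "Mar  3 10:15:0%d fw kernel: " + PREFIX + "IN=eth0 OUT= "
TCP = "SRC=%s DST=192.0.2.10 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=%d SYN URGP=0"
SAMPLE = [HDR % i + TCP % (src, port) for i, (src, port) in enumerate([
    ("203.0.113.5", 22), ("203.0.113.5", 23), ("198.51.100.7", 80),
    ("203.0.113.5", 3389), ("198.51.100.7", 80)])]
SAMPLE.append("Mar  3 10:15:09 fw kernel: eth0: link up")  # unrelated kernel line

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

A source flagged with many_ports has touched several different services in the logged window, which is worth reviewing against the firewall rules; repeated hits on a single port are counted but not flagged.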