Use MySQL to save iptables logs in debian

This article describes how to use ulogd to save iptables logs to MySQL In debian. This method has many benefits, and the main benefit is the log statistics in the future.

This article describes how to use ulogd to save iptables logs to MySQL In debian. This method has many benefits, and the main benefit is the log statistics in the future.

This article describes how to use ulogd to save iptables logs to MySQL In debian. There are many benefits to doing so. The main benefit is that the log statistics in the future will be very convenient.

Install ulogd and ulogd-mysql

First, run the following command:

$ Sudo apt-get install ulogd
$ Sudo apt-get install ulogd-mysql

After the installation is complete, configure ulogd.

First, you need to import the ulogd database script to the database:

$ Mysql
Mysql> create database ulogd;
Mysql> use ulogd;
Mysql> source/usr/share/doc/ulogd-mysql/mysql. table

Then modify the ulogd. conf configuration file:

$ Sudo vi/etc/ulogd. conf

Find # output plugins. the line number is about 43 rows. Comment out plugin = "/usr/lib/ulogd/ulogd_LOGEMU.so, uncomment the plugin = "/usr/lib/ulogd/ulogd_MYSQL.so" line to output it to MySQL. Next, find the MySQL configuration field in the configuration file, which is about 59 rows:

[MYSQL]
Table = "ulog"
Pass = ""
User = "root"
Db = "ulogd"
Host = "localhost"

Modify it to the corresponding options. After modification, start the ulogd service.

$ Sudo/etc/init. d/ulogd restart

If no error message is displayed, it means the operation is successful.

Step 2: Configure iptables

Set the iptables rules you want to record, for example, the packet to record port 80.

-A input-p tcp-m tcp-dport 80-j ULOG

However, it should be noted that ULOG does not filter packets. After matching this rule, the data continues to be matched.

In this way, the basic configuration is complete. When port 80 on the server has data, some information about the packets will be recorded in MySQL for later viewing and statistics.