CentOS 6 下單獨記錄 iptables 日誌

標籤：iptables log

1. First, add a new chain with a reasonable name:

iptables -N LOGGING

2. Next, insert a rule at the appropriate point (hence me using --line-numbers above). You could replace the existing REJECT at line 5 in its entirety as its functionality will be moved into the LOGGING chain (where I change it to a DROP anyway):

650) this.width=650;" src="http://s4.51cto.com/wyfs02/M00/83/9E/wKiom1d4h1vCJA1OAAF95dhUPJ4791.jpg" title="Snap1.jpg" alt="wKiom1d4h1vCJA1OAAF95dhUPJ4791.jpg" />

iptables -I INPUT 5 -j LOGGING

3. Add the actual logging rule next

iptables -A LOGGING  -j LOG --log-prefix "DROP: " --log-level 7

iptables -A LOGGING -j DROP

service iptables save

service iptables restart

650) this.width=650;" src="http://s1.51cto.com/wyfs02/M00/83/9F/wKiom1d4iNGzFVhIAAH_v_nkipc207.jpg" title="Snap2.jpg" alt="wKiom1d4iNGzFVhIAAH_v_nkipc207.jpg" />

4. vi /etc/rsyslog.conf

kern.debug                        /var/log/iptables.log

service rsyslog restart

5. vi /etc/logrotate.d/syslog

add /var/log/iptables.log to list of filenames

本文出自 “Ilovecat(個人筆記)” 部落格，請務必保留此出處http://hj192837.blog.51cto.com/655995/1795268

CentOS 6 下單獨記錄 iptables 日誌