Tags: iptables log
1. First, add a new chain with a reasonable name:
iptables -N LOGGING
2. Next, insert a rule at the appropriate point (hence me using --line-numbers above). You could replace the existing REJECT at line 5 in its entirety, as its functionality will be moved into the LOGGING chain (where I change it to a DROP anyway):
iptables -I INPUT 5 -j LOGGING
3. Add the actual logging rule next:
iptables -A LOGGING -j LOG --log-prefix "DROP: " --log-level 7
iptables -A LOGGING -j DROP
service iptables save
service iptables restart
4. Edit /etc/rsyslog.conf (vi /etc/rsyslog.conf) and add this line:
kern.debug /var/log/iptables.log
Then restart rsyslog:
service rsyslog restart
5. Edit /etc/logrotate.d/syslog (vi /etc/logrotate.d/syslog) and add /var/log/iptables.log to the list of filenames.
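The kern.debug selector in step 4 matches every kernel-facility message, so /var/log/iptables.log also receives non-firewall kernel lines, and the "DROP: " prefix is what identifies the LOGGING chain's entries. The script below is an added example (not part of the original note) that counts dropped packets per source, protocol and destination port. The sample log lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise packets logged by the LOGGING chain ("DROP: " prefix).

# Constructed sample lines in the kernel LOG-target format (not real traffic).
sample_log() {
cat <<'EOF'
Jul  3 10:15:01 fw kernel: DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1001 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  3 10:15:02 fw kernel: e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex
Jul  3 10:15:04 fw kernel: DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1002 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  3 10:16:10 fw kernel: DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=71 TOS=0x00 PREC=0x00 TTL=49 ID=2001 PROTO=UDP SPT=40000 DPT=53 LEN=51
Jul  3 10:17:30 fw kernel: DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=1003 PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
EOF
}

# summarize_drops [FILE...]: read FILE(s) or stdin and print
# "count src proto dport", highest count first.
summarize_drops() {
    awk '
    # The LOG target writes the prefix immediately before "IN=", so this
    # pattern skips unrelated kernel messages that share the file.
    /DROP: IN=/ {
        src = proto = ""; dpt = "-"      # "-" for protocols without ports (ICMP)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src != "") count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Demonstration on the constructed sample; on a live system run:
#   summarize_drops /var/log/iptables.log
sample_log | summarize_drops
```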
This article is from the "Ilovecat (personal notes)" blog; please retain this source attribution: http://hj192837.blog.51cto.com/655995/1795268
Logging iptables to a separate log file on CentOS 6