Thread: iptables syslog
Posted by stefanr, 31st December 2005, 15:22

Quote:
Originally Posted by till
You can enable logging in the bastille firewall configuration. You must change the file in:
Thanks for your fast reply.
My file:
/etc/Bastille/bastille-firewall.cfg

snip
# 2) services for which we want to log access attempts to syslog (all systems)
# Note this only audits connection attempts from public interfaces
#
# Also see item 12, LOG_FAILURES
#
#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
# anyone probing for BackOrifice?
#UDP_AUDIT_SERVICES="31337"
# how about ICMP?
#ICMP_AUDIT_TYPES=""
#ICMP_AUDIT_TYPES="echo-request" # ping/MS tracert
#
# To enable auditing, you must have syslog configured to log "kern"
# messages of "info" level; typically you'd do this with a line in
# syslog.conf like
# kern.info /var/log/messages
# though the Bastille port monitor will normally want these messages
# logged to a named pipe instead, and the Bastille script normally
# configures syslog for "kern.*" which catches these messages
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
#UDP_AUDIT_SERVICES="31337"
#ICMP_AUDIT_TYPES=""

and this entry

IP_LOG_LEVEL=6 # iptables/netfilter default

snap

Quote:
Originally Posted by till
and the master template:

/root/ispconfig/isp/conf/bastille-firewall.cfg.master

Then restart the firewall:

/etc/init.d/bastille-firewall restart

I understood this to mean the files are OK and the logging must work, but no entries appear in any files of /var/log/.

I have also changed my file /etc/sysconfig to:

# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.

#
# First some standard logfiles. Log by facility.
#

auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
#kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
kern.notice;kern.!warn;kern.info /var/log/firewall.log
kern.warn -/var/log/kern.log


What else can go wrong?

After all my changes I restarted with /etc/init.d/sysklogd restart, and the firewall.

What can go wrong?

STEFAN

Last edited by stefanr; 31st December 2005 at 15:24.
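
An added example, not part of the original post and not Bastille or sysklogd code: it reports which Bastille audit variables are actually assigned (commented lines do not count) and which syslog.conf actions receive kern.info, the level that IP_LOG_LEVEL=6 corresponds to. It assumes the selector rules documented in sysklogd's syslog.conf(5); the function names and the sample strings, abridged from the two files quoted in the post, are constructed here.

```python
import re
# Most severe first; the index is the numeric level, so IP_LOG_LEVEL=6 is "info".
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
AUDIT_VARS = ("TCP_AUDIT_SERVICES", "UDP_AUDIT_SERVICES", "ICMP_AUDIT_TYPES")

# Sample input: lines abridged from the two files quoted in the post.
BASTILLE_CFG = '''#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
#UDP_AUDIT_SERVICES="31337"
#ICMP_AUDIT_TYPES=""
IP_LOG_LEVEL=6 # iptables/netfilter default'''
SYSLOG_CONF = '''*.*;auth,authpriv.none -/var/log/syslog
#kern.* -/var/log/kern.log
kern.notice;kern.!warn;kern.info /var/log/firewall.log
kern.warn -/var/log/kern.log'''

def active_audit_settings(cfg_text):
    """Audit variables assigned on an uncommented line with a non-empty value."""
    found = {}
    for line in cfg_text.splitlines():
        m = re.match(r'\s*(\w+)="?([^"#]*)"?', line)
        if m and m.group(1) in AUDIT_VARS and m.group(2).strip():
            found[m.group(1)] = m.group(2).split()
    return found

def destinations(conf_text, facility, priority):
    """Actions in a sysklogd-style syslog.conf that receive facility.priority."""
    level, hits = PRIORITIES.index(ALIASES.get(priority, priority)), []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        selected = set()  # levels of this facility the line logs so far
        for selector in parts[0].split(";"):  # later selectors override earlier ones
            facs, _, pri = selector.rpartition(".")
            if not {facility, "*"} & set(facs.split(",")):
                continue
            negate, name = pri.startswith("!"), pri.lstrip("!=")
            if name in ("*", "none"):
                levels, negate = set(range(8)), negate or name == "none"
            else:
                n = PRIORITIES.index(ALIASES.get(name, name))
                levels = {n} if "=" in pri else set(range(n + 1))  # "=": this level only
            selected = selected - levels if negate else selected | levels
        if level in selected:
            hits.append(parts[1].lstrip("-").strip())
    return hits

if __name__ == "__main__":
    print(active_audit_settings(BASTILLE_CFG), destinations(SYSLOG_CONF, "kern", "info"))
```

Run against the real files by passing the contents of /etc/Bastille/bastille-firewall.cfg and /etc/syslog.conf instead of the sample strings.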