From: William Hunt on 11 Apr 2010 09:48

Hi, All:

I have a slackware-12.2 VPS installed under OpenVZ (@ChainHost.com).

iptables -j LOG rules load correctly.
iptables -L shows counts correctly accumulating.
/sbin/dmesg shows LOG messages are correctly generated.
Nothing shows in /var/log/syslog.
/etc/syslog.conf is: "*.*;mail.none; /var/log/syslog"
Other apps correctly write syslog, example: logger, imapd, sshd, ...

Any clues?

Thanks!

--
William Hunt, Portland Oregon USA

From: Lew Pitcher on 11 Apr 2010 09:59

On April 11, 2010 09:48, in alt.os.linux.slackware, wjh(a)prv8.net wrote:

> Hi, All:
>
> I have a slackware-12.2 VPS installed under OpenVZ (@ChainHost.com).
>
> iptables -j LOG rules load correctly.
> iptables -L shows counts correctly accumulating.
> /sbin/dmesg shows LOG messages are correctly generated.
> Nothing shows in /var/log/syslog.
> /etc/syslog.conf is: "*.*;mail.none; /var/log/syslog"
> Other apps correctly write syslog, example: logger, imapd, sshd, ...
>
> Any clues?

Not from what you've posted so far.

First off, show us your iptables rules. We need to see both the rules that
invoke the -j LOG table, /and/ the rules that branch or fall-through to
those -j LOG rules. This will show us what options you log with, and what
it is you log (or not).

Do you use the --log-prefix option on your -j LOG rules? A unique value here
makes it easy to locate the logged values in your syslog.

Second, are you looking in the right log? The Slackware default syslog.conf
rules read (in part)...

# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.info;*.!warn;\
        authpriv.none;cron.none;mail.none;news.none -/var/log/messages

and with no overriding syslog configuration, this causes all netfilter
messages to log to /var/log/messages.

HTH

--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
Me: http://pitcher.digitalfreehold.ca/ | Just Linux: http://justlinux.ca/
---------- Slackware - Because I know what I'm doing. ------

From: John K. Herreshoff on 11 Apr 2010 09:59

William Hunt wrote:

> Hi, All:
>
> I have a slackware-12.2 VPS installed under OpenVZ (@ChainHost.com).
>
> iptables -j LOG rules load correctly.
> iptables -L shows counts correctly accumulating.
> /sbin/dmesg shows LOG messages are correctly generated.
> Nothing shows in /var/log/syslog.
> /etc/syslog.conf is: "*.*;mail.none; /var/log/syslog"
> Other apps correctly write syslog, example: logger, imapd, sshd, ...
>
> Any clues?
>
> Thanks!

Mine shows up in messages. Did you check that?

John.

--
Using the Laptop at home.

From: Lew Pitcher on 11 Apr 2010 11:05

Lew Pitcher <lpitcher(a)teksavvy.com> trolled:

Warning: Lew Pitcher, who posts to this newsgroup, is a domain thief.
Read the full story at http://www.lewpitcher.ca

From: William Hunt on 11 Apr 2010 11:20

On Sun, 11 Apr 2010, Lew Pitcher wrote:

> On April 11, 2010 09:48, in alt.os.linux.slackware, wjh(a)prv8.net wrote:
>> I have a slackware-12.2 VPS installed under OpenVZ (@ChainHost.com).
>> iptables -j LOG rules load correctly.
>> iptables -L shows counts correctly accumulating.
>> /sbin/dmesg shows LOG messages are correctly generated.
>> Nothing shows in /var/log/syslog.
>> /etc/syslog.conf is: "*.*;mail.none; /var/log/syslog"
>> Other apps correctly write syslog, example: logger, imapd, sshd, ...
>> Any clues?
> Not from what you've posted so far.
> First off, show us your iptables rules. We need to see both the rules that
> invoke the -j LOG table, /and/ the rules that branch or fall-through to
> those -j LOG rules. This will show us what options you log with, and what
> it is you log (or not). [...]

I don't think the problem is with my script, this has been running
for many years on other slackware hosts, and fails only now with this
most recent move to 12.2 under OpenVZ. As noted OP, hit counts correctly
accumulate and appropriate output appears in the kernel ringbuffer as
shown by /sbin/dmesg.

The script which builds my tables is itself 500+ lines, so here is just
a typical snippet, LOG'ing and DROP'ing telnet probes:

#------------------
iptables -N telnet
iptables -A telnet -j LOG --log-prefix "(DROP TELNET) "
iptables -A telnet -j DROP
iptables -A INPUT -j telnet -p tcp --dport 23
#------------------

>
> Second, are you looking in the right log? The Slackware default syslog.conf
> rules read (in part)... [...]

I use a very simple /etc/syslog.conf, in full:

#------------------
*.*;mail.none; /var/log/syslog
mail.* /var/log/mail
#------------------

> HTH
>

Thanks, but no new clue :*)

--
William Hunt, Portland Oregon USA

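
Added example, not part of any post in this thread: a simplified Python model of sysklogd selector matching, applied to the default Slackware rule quoted above (excerpt only) and to the two-line /etc/syslog.conf posted above, to show which file each sends a kernel (facility `kern`) message to at a given priority. The function names and the simplified parsing are assumptions of this sketch, not the syslog daemon's own code.

```python
# Added example: simplified model of sysklogd selector matching (not the daemon's code).
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# The default Slackware rule as quoted in the thread (excerpt only).
DEFAULT_EXCERPT = "*.info;*.!warn;\\\n\tauthpriv.none;cron.none;mail.none;news.none -/var/log/messages\n"
# The two-line /etc/syslog.conf as posted in the thread.
POSTED_CONF = "*.*;mail.none; /var/log/syslog\nmail.* /var/log/mail\n"

def parse_rules(text):
    """Return [(selectors, action)]; a trailing backslash joins lines."""
    rules = []
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.rsplit(None, 1)
        sels = [s.strip() for s in selectors.split(";") if s.strip()]
        rules.append((sels, action.lstrip("-")))  # leading '-' only disables sync
    return rules

def selects(selectors, facility, priority):
    """Apply selectors left to right; a later selector overrides an earlier one."""
    level, hit = PRIORITIES.index(priority), False
    for sel in selectors:
        facs, _, prio = sel.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":
            hit = False
            continue
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        if prio == "*":
            matched = True
        else:
            want = PRIORITIES.index(ALIASES.get(prio, prio))
            matched = level == want if exact else level >= want
        if matched:
            hit = not negate
    return hit

def route(conf, facility, priority):
    """List the log files that a message of facility.priority is written to."""
    return [act for sels, act in parse_rules(conf) if selects(sels, facility, priority)]

if __name__ == "__main__":
    for prio in ("info", "notice", "warning"):
        print("kern." + prio, route(DEFAULT_EXCERPT, "kern", prio), route(POSTED_CONF, "kern", prio))
```

Under this model the posted two-line configuration selects kern messages at every priority for /var/log/syslog, while the quoted default rule selects only info and notice for /var/log/messages.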