iptables log 設定如何啟用
<P>要讓 iptables 留下 log ...可以這樣做~~</P>
<P> </P>Iptables default log file
<P>For example, if you type the following command, it will display current iptables log from /var/log/messages file:<BR></P>
<P>預設log會到/var/log/messages,如果要改到其他目錄 syslog.conf 該如何設定 ?</P>
<P> </P>Procedure to log the iptables messages to a different log file
<P>Open your /etc/syslog.conf file:<BR>[quote]</P>
<P># vi /etc/syslog.conf</P>
<P>[/quote]</P>
<P> </P>
<P>Append following line</P>
<P>[quote]</P>
<P>kern.warning /var/log/iptables.log</P>
<P>[/quote]</P>
<P> </P>
<P>Save and close the file.</P>
<P>Restart the syslog</P>
<P>[quote]</P>
<P>service syslog restart</P>
<P>[/quote]</P>
<P> </P>
<P>在Firewall 設定加上</P>
<P>[quote]</P>
<P>iptables -A FORWARD -p tcp -j LOG --log-prefix '** HACKERS **' --log-level 4</P>
<P>[/quote]</P>
<P> </P>
<P>Where,</P>
<UL>
<LI><STRONG>--log-level 4</STRONG>: Level of logging. The level # 4 is for warning.
<LI><STRONG>--log-prefix '*** TEXT ***'</STRONG>: Prefix log messages with the specified prefix (TEXT); up to 29 letters long, and useful for distinguishing messages in the logs.</LI></UL>
<P> </P>
<P>You can now see all iptables message logged to /var/log/iptables.log file:</P>
<P> </P>
<P>[quote]</P>
<P># tail -f /var/log/iptables.log</P>
<P>[/quote]</P>