
Re: Can't get iptables LOG



I am having this exact same problem.

KLOGD="-x -s"

kernel.printk = 4 4 1 7
(haven't restarted, but echo'd values to the proc file)

syslog.conf
*.* /var/log/iptables.log

dmesg shows logs from iptables
and iptables.log shows other logging information

now the interesting thing is
after restarting klogd
it sets printk to 7 4 1 7
this doesn't appear to affect the logging as it will log/not log regardless of this value being changed

after restarting klogd i get the iptables logs in iptables.log
but after restarting sysklogd it stops!
then if i restart klogd again it works again

any ideas?

----- Original Message -----
From: "hhding" <hhding.gnu@gmail.com>
To: "Laurent Raufaste" <analogue@glop.org>
Cc: debian-firewall@lists.debian.org
Sent: Saturday, 23 February 2008 11:40:21 AM (GMT+1000) Australia/Sydney
Subject: Re: Can't get iptables LOG

or you can change /etc/default/klogd like this
KLOGD="-x -s"

       -s     Force klogd to use the system call interface to the
              kernel message buffers.

Laurent Raufaste wrote:
> Ok this was it !
>
> Setting another value in /proc/sys/kernel/printk (and in sysctl.conf 
> for boot time) fixed it.
>
> Thanks a lot !
>
> 2008/2/22, Thomas Hospenthal <thospenthal@gmx.net>:
>
>     Hello
>
>     My Ubuntu Server didn't log either from iptables to syslogd. I
>     finally got it to work by telling the kernel log daemon (klogd) to
>     log everything from message level 4 and above. Iptables works in the
>     kernel and therefore its log messages will be logged in the kernel
>     log file (see /etc/syslog.conf).
>
>     On my Ubuntu, I had to add "-c 4" to the parameter in
>     /etc/default/klogd. The file itself says that
>     this method is deprecated and you should use sysctl instead. I will
>     try that on my new server soon, but until then, this method seems to
>     work fine.
>
>     HTH
>
>     Tom
>
>     On 22.02.2008 at 11:54, Laurent Raufaste wrote:
>
>
>     > Hi,
>     >
>     > I'm trying to get iptables to LOG on a xen virtual machine, but for
>     > some reason I can't get iptables to log.
>     >
>     > Here's what I'm doing:
>     >
>     > in /etc/syslog.conf I have:
>     > *.* /var/log/iptables.log
>     >
>     > I restarted syslog:
>     > # /etc/init.d/sysklogd restart
>     > Restarting system log daemon: syslogd.
>     >
>     > Now I setup the LOG rule:
>     > iptables -F
>     > iptables -X
>     > iptables -v -A INPUT -j LOG
>     > iptables -P INPUT ACCEPT
>     > iptables -P OUTPUT ACCEPT
>     > iptables -P FORWARD ACCEPT
>     >
>     > I can't make it simpler I think.
>     >
>     > I check if the rules are ok:
>     > # iptables -nvL
>     > Chain INPUT (policy ACCEPT 630 packets, 46742 bytes)
>     >  pkts bytes target     prot opt in     out     source               destination
>     >    99  7092 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
>     >
>     > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>     >  pkts bytes target     prot opt in     out     source               destination
>     >
>     > Chain OUTPUT (policy ACCEPT 436 packets, 65874 bytes)
>     >  pkts bytes target     prot opt in     out     source               destination
>     >
>     > I see that some packets are logged in, but I can't see anything in
>     > /var/log/iptables.log, or any other log file =(
>     >
>     > See:
>     > cat /var/log/iptables:
>     > Feb 22 11:51:09 jfg-pgslave2 syslogd 1.4.1#18: restart.
>     >
>     > Nothing more, even by generating some traffic.
>     > I don't see why it does not work (it works on other boxes) and I don't
>     > see how I can look deeper in order to debug this behavior =(
>     > I'm using a debian etch.
>     >
>     > Thanks for the help !
>     >
>     > --
>     > Laurent Raufaste
>     > <http://www.glop.org/>
>     >
>     >
>
>     > --
>     > To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
>     > with a subject of "unsubscribe". Trouble? Contact
>     > listmaster@lists.debian.org
>
>
>
>
> -- 
> Laurent Raufaste
> <http://www.glop.org/> 
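
Added example, not from any poster in this thread: a shell check that reads the two numbers the posts keep adjusting, the `level` of each LOG rule in `iptables -nvL` output and the first field of kernel.printk (the console loglevel), and reports how they compare. The function names and the sample listing are constructed for illustration, and the check says nothing about what klogd or syslogd do with a message afterwards.

```shell
#!/bin/sh
# Added example: compare iptables LOG rule levels with kernel.printk.
# Function names are hypothetical; SAMPLE_LISTING is constructed input.

# The console loglevel is the first of the four kernel.printk fields.
console_loglevel() {
    set -- $1                 # split e.g. "4 4 1 7" into $1..$4
    echo "$1"
}

# Read `iptables -nvL` text on stdin; print the level of every LOG rule.
log_rule_levels() {
    sed -n 's/.*LOG flags [0-9]* level \([0-9]*\).*/\1/p'
}

# The kernel prints a message on the console only when the message level
# is numerically lower than the console loglevel.
below_console_loglevel() {
    # $1: message level   $2: kernel.printk string
    [ "$1" -lt "$(console_loglevel "$2")" ]
}

# One verdict line per LOG rule found in the listing.
diagnose() {
    # $1: kernel.printk string   $2: `iptables -nvL` output
    cl=$(console_loglevel "$1")
    printf '%s\n' "$2" | log_rule_levels | while read -r lvl; do
        if below_console_loglevel "$lvl" "$1"; then
            echo "LOG level $lvl: below console loglevel $cl"
        else
            echo "LOG level $lvl: not below console loglevel $cl"
        fi
    done
}

# Constructed sample, shaped like the listing quoted in the thread.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 630 packets, 46742 bytes)
 pkts bytes target     prot opt in     out     source               destination
   99  7092 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4'

# The two kernel.printk values mentioned in the thread.
diagnose "4 4 1 7" "$SAMPLE_LISTING"
diagnose "7 4 1 7" "$SAMPLE_LISTING"
```

On a live host, pass `"$(cat /proc/sys/kernel/printk)"` and `"$(iptables -nvL)"` in place of the sample values.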

