Re: Can't get iptables LOG
- To: debian-firewall@lists.debian.org
- Subject: Re: Can't get iptables LOG
- From: Mark Chong <mchong@stabat.com>
- Date: Thu, 10 Apr 2008 11:55:41 +1000 (EST)
- Message-id: <2010556981.38431207792541340.JavaMail.root@quirinus>
- In-reply-to: <47BF6B75.7060707@gmail.com>
I am having this exact same problem.
KLOGD="-x -s"
kernel.printk = 4 4 1 7
(havn't restarted but, echo'd values to the proc file)
syslogconf
*.* /var/log/iptables.log
dmesg shows logs from iptables
and iptables.log shows other logging information
now the interesting thing is
after restarting klogd
it sets printk to 7 4 1 7
this doesn't appear to effect the logging as it will log/not log regardless to this value being changed
after restarting klogd i get the iptables logs it iptables.log
but after restarting sysklogd it stops!
then if i restart klogd again it works again
any ideas?
----- Original Message -----
From: "hhding" <hhding.gnu@gmail.com>
To: "Laurent Raufaste" <analogue@glop.org>
Cc: debian-firewall@lists.debian.org
Sent: Saturday, 23 February 2008 11:40:21 AM (GMT+1000) Australia/Sydney
Subject: Re: Can't get iptables LOG
or you can change /etc/default/klogd like this
KLOGD="-x -s"
-s Force klogd to use the system call interface to the
kernel mes-
sage buffers.
Laurent Raufaste wrote:
> Ok this was it !
>
> Setting another value in /proc/sys/kernel/printk (and in sysctl.conf
> for boot time) fixed it.
>
> Thanks a lot !
>
> 2008/2/22, Thomas Hospenthal <thospenthal@gmx.net
> <mailto:thospenthal@gmx.net>>:
>
> Hello
>
> My Ubuntu Server didn't log eighter from iptables to syslogd. I
> finally got it to work by telling the kernel log daemon (klogd) to
> log everything from message level 4 and above. Iptables works in the
> kernel and therefore its log messages will be logged in the kernel
> log file (see /etc/syslog.conf).
>
> On my Ubuntu, I had to add "-c 4" to the parameter in /etc/default/
> klogd. The file itself says that
> this method is depricated and you should use sysctl instead. I will
> try that on my new server soon, but until then, this method seems to
> work fine.
>
> HTH
>
> Tom
>
> Am 22.02.2008 um 11:54 schrieb Laurent Raufaste:
>
>
> > Hi,
> >
> > I'm trying to get iptables to LOG on a xen virtual machine, but for
> > some reason I can't get iptables to log.
> >
> > Here's what I'm doing:
> >
> > in /etc/syslog.conf I have:
> > *.* /var/log/iptables.log
> >
> > I restarted syslog:
> > # /etc/init.d/sysklogd restart
> > Restarting system log daemon: syslogd.
> >
> > Now I setup the LOG rule:
> > iptables -F
> > iptables -X
> > iptables -v -A INPUT -j LOG
> > iptables -P INPUT ACCEPT
> > iptables -P OUTPUT ACCEPT
> > iptables -P FORWARD ACCEPT
> >
> > I can't make it simplier I think.
> >
> > I check if the rules are ok:
> > # iptables -nvL
> > Chain INPUT (policy ACCEPT 630 packets, 46742 bytes)
> > pkts bytes target prot opt in out source
> > destination
> > 99 7092 LOG 0 -- * * 0.0.0.0/0
> <http://0.0.0.0/0>
> > 0.0.0.0/0 <http://0.0.0.0/0> LOG flags 0 level 4
> >
> > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> > pkts bytes target prot opt in out source
> > destination
> >
> > Chain OUTPUT (policy ACCEPT 436 packets, 65874 bytes)
> > pkts bytes target prot opt in out source
> > destination
> >
> > I see that some packets are logged in, but I can't see anything in
> > /var/log/iptables.log, or any other log file =(
> >
> > See:
> > cat /var/log/iptables:
> > Feb 22 11:51:09 jfg-pgslave2 syslogd 1.4.1#18: restart.
> >
> > Nothing more, even by generating some traffic.
> > I don't see why it does not work (it works on other boxes) and I
> don't
> > see how I can look deeper in order to debug this behavior =(
> > I'm using a debian etch.
> >
> > Thanks for the help !
> >
> > --
> > Laurent Raufaste
> > <http://www.glop.org/>
> >
> >
>
> > --
> > To UNSUBSCRIBE, email to
> debian-firewall-REQUEST@lists.debian.org
> <mailto:debian-firewall-REQUEST@lists.debian.org>
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org <mailto:listmaster@lists.debian.org>
>
>
>
>
> --
> Laurent Raufaste
> <http://www.glop.org/>
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: