
Re: Can't get iptables LOG



or you can change /etc/default/klogd like this
KLOGD="-x -s"

-s Force klogd to use the system call interface to the kernel message buffers.

Laurent Raufaste wrote:
Ok this was it !

Setting another value in /proc/sys/kernel/printk (and in sysctl.conf for boot time) fixed it.

Thanks a lot !

2008/2/22, Thomas Hospenthal <thospenthal@gmx.net>:

    Hello

    My Ubuntu Server didn't log either from iptables to syslogd. I
    finally got it to work by telling the kernel log daemon (klogd) to
    log everything from message level 4 and above. Iptables works in the
    kernel and therefore its log messages will be logged in the kernel
    log file (see /etc/syslog.conf).

    On my Ubuntu, I had to add "-c 4" to the parameter in
    /etc/default/klogd. The file itself says that
    this method is deprecated and you should use sysctl instead. I will
    try that on my new server soon, but until then, this method seems to
    work fine.

    HTH

    Tom

    On 22.02.2008 at 11:54, Laurent Raufaste wrote:


    > Hi,
    >
    > I'm trying to get iptables to LOG on a xen virtual machine, but for
    > some reason I can't get iptables to log.
    >
    > Here's what I'm doing:
    >
    > in /etc/syslog.conf I have:
    > *.* /var/log/iptables.log
    >
    > I restarted syslog:
    > # /etc/init.d/sysklogd restart
    > Restarting system log daemon: syslogd.
    >
    > Now I setup the LOG rule:
    > iptables -F
    > iptables -X
    > iptables -v -A INPUT -j LOG
    > iptables -P INPUT ACCEPT
    > iptables -P OUTPUT ACCEPT
    > iptables -P FORWARD ACCEPT
    >
    > I can't make it simpler I think.
    >
    > I check if the rules are ok:
    > # iptables -nvL
    > Chain INPUT (policy ACCEPT 630 packets, 46742 bytes)
    >  pkts bytes target     prot opt in     out     source               destination
    >    99  7092 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
    >
    > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    >  pkts bytes target     prot opt in     out     source               destination
    >
    > Chain OUTPUT (policy ACCEPT 436 packets, 65874 bytes)
    >  pkts bytes target     prot opt in     out     source               destination
    >
    > I see that some packets are logged in, but I can't see anything in
    > /var/log/iptables.log, or any other log file =(
    >
    > See:
    > cat /var/log/iptables:
    > Feb 22 11:51:09 jfg-pgslave2 syslogd 1.4.1#18: restart.
    >
    > Nothing more, even by generating some traffic.
    > I don't see why it does not work (it works on other boxes) and I don't
    > see how I can look deeper in order to debug this behavior =(
    > I'm using a debian etch.
    >
    > Thanks for the help !
    >
    > --
    > Laurent Raufaste
    > <http://www.glop.org/>
    >
    >





--
Laurent Raufaste
<http://www.glop.org/>
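
A check for the setting changed in this thread, as an added example that is not part of any poster's message: it compares the level of each LOG rule in `iptables -nvL` output with console_loglevel, the first field of /proc/sys/kernel/printk, since the kernel passes a message to the console only when its level is numerically lower. The function names and the sample printk value `4 4 1 7` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): do the LOG rules' levels pass console_loglevel?

# Constructed sample, modelled on the `iptables -nvL` output quoted in the thread.
SAMPLE_RULES='Chain INPUT (policy ACCEPT 630 packets, 46742 bytes)
 pkts bytes target prot opt in out source destination
   99  7092 LOG    0    --  *  *   0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4'

# First of the four fields in /proc/sys/kernel/printk (console_loglevel).
console_loglevel() {
    set -- $1                      # split "4 4 1 7" (spaces or tabs) into fields
    [ $# -eq 4 ] || return 1
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    echo "$1"
}

# Print the numeric level of each LOG rule in `iptables -nvL` output (stdin).
rule_levels() {
    sed -n 's/.*LOG flags [0-9][0-9]* level \([0-9][0-9]*\).*/\1/p'
}

# $1: printk contents, stdin: iptables -nvL output.
# Returns 0 if every LOG level is below console_loglevel, 1 if any is not,
# 2 if the printk value cannot be parsed.
check_rules() {
    cl=$(console_loglevel "$1") || { echo "cannot parse printk: $1" >&2; return 2; }
    status=0
    for lvl in $(rule_levels); do
        if [ "$lvl" -lt "$cl" ]; then
            echo "LOG level $lvl < console_loglevel $cl: reaches the console"
        else
            echo "LOG level $lvl >= console_loglevel $cl: suppressed"
            status=1
        fi
    done
    return $status
}

# Demo with a constructed printk value; on a live host, as root:
#   iptables -nvL | check_rules "$(cat /proc/sys/kernel/printk)"
printf '%s\n' "$SAMPLE_RULES" | check_rules "4 4 1 7" || true
```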

