Last updated: 2017-02-10
Introduction
- LOG
- ULOG
LOG
* By default, LOG writes to the kernel log
log level
# debug(7), info(6), notice(5), warning(4), err(3), crit(2), alert(1) and emerg(0)
Setting
--log-level warning OR --log-level 4
Log to a separate file
/etc/rsyslog.conf
kern.warning -/var/log/iptables.log
service rsyslog restart
Add a prefix to log entries
# Followed by a string of up to 29 characters
--log-prefix 'msg'
Usage Example
[1] Basic Log ping
iptables -A INPUT -p icmp -j LOG
[2] log outgoing port 25 and drop it.
iptables -N LOGGING
iptables -A LOGGING -j LOG --log-level 4 --log-prefix 'PORT25'
iptables -A LOGGING -j DROP
iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW -j LOGGING
/etc/rsyslog.conf
kern.warning /var/log/iptables.log
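An added example (not from the original notes): kern.warning sends every kernel message at warning level or above to /var/log/iptables.log, so entries from the LOGGING chain have to be picked out by their prefix. The script below counts logged port-25 attempts per destination; the function names port25_summary and sample_log and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise outbound SMTP attempts logged with prefix 'PORT25'.
# port25_summary and sample_log are hypothetical names, not part of iptables.

# Constructed sample of /var/log/iptables.log (documentation addresses only).
sample_log() {
    cat <<'EOF'
Feb 10 10:00:01 host kernel: PORT25IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40112 DPT=25 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 10 10:00:04 host kernel: PORT25IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=40112 DPT=25 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 10 10:00:07 host kernel: PORT25IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5120 DF PROTO=TCP SPT=40120 DPT=25 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 10 10:00:09 host kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Feb 10 10:00:12 host kernel: nf_conntrack: table full, dropping packet.
EOF
}

# Usage: port25_summary [logfile]   (reads stdin when no file is given)
# Prints "<count> <destination>" sorted by count, highest first.
port25_summary() {
    awk -v prefix='PORT25' '
        # LOG prints the prefix directly in front of "IN=", so the prefix
        # used above appears as "PORT25IN=". A prefix written with a
        # trailing space ("PORT25 ") is matched as well.
        $0 !~ (prefix " ?IN=") { next }
        {
            dst = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (dst != "" && dpt == "25") count[dst]++
        }
        END { for (d in count) printf "%d %s\n", count[d], d }
    ' "$@" | sort -k1,1nr -k2,2
}

# Run against the constructed sample.
# On a real host: port25_summary /var/log/iptables.log
sample_log | port25_summary
```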
ULOG
ulog - netfilter userspace logging daemon
Use ulogd to log packets
Homepage: http://www.netfilter.org/projects/ulogd/
# check whether iptables supports ULOG
grep -i ulog /boot/config-2.6.32-504.8.1.el6.i686
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_BRIDGE_EBT_ULOG=m
# How ULOG works
* The iptables ULOG target sends the packet data to the ulog daemon
iptables -A INPUT -p tcp -m tcp --dport 80 -j ULOG