On 5/21/2012 12:15 PM, Alan J. Gagne wrote:
>
> You could look at sending iptables messages to /var/log/iptables using
> rsyslog.
>
> http://blog.shadypixel.com/log-iptables-messages-to-a-separate-file-with-rsyslog/
>
> Alan
>
>
Alan:
Thanks for the reply. I did an initial read of the page and it looks
interesting. That being said, I'm going to have to take a few more
passes to make sure I understand it.
If I read correctly, it isn't a replacement for logging to
/var/log/messages, just a way to filter those logs into another log that
only gets what I want to see?
You can use it to redirect all iptables messages to a separate log only.
You may want to look at ulogd in the fedora repo. I have used this
in the past
for saving data to mysql.
Alan
Name        : ulogd
Arch        : x86_64
Version     : 1.24
Release     : 15.fc16
Size        : 131 k
Repo        : fedora
Summary     : The userspace logging daemon for netfilter
URL         : http://gnumonks.org/projects
License     : GPLv2
Description : Ulogd is a universal logging daemon for the ULOG target of netfilter, the
            : Linux 2.4+ firewalling subsystem. Ulogd is able to log packets in various
            : formats to different targets (text files, databases, etc.). It has an
            : easy-to-use plugin interface to add new protocols and new output targets.

Name        : ulogd-mysql
Arch        : x86_64
Version     : 1.24
Release     : 15.fc16
Size        : 11 k
Repo        : fedora
Summary     : MySQL output plugin for ulogd
URL         : http://gnumonks.org/projects
License     : GPLv2
Description : Ulogd-mysql is a MySQL output plugin for ulogd. It enables logging of
            : firewall information into a MySQL database.

Name        : ulogd-pcap
Arch        : x86_64
Version     : 1.24
Release     : 15.fc16
Size        : 9.2 k
Repo        : fedora
Summary     : PCAP output plugin for ulogd
URL         : http://gnumonks.org/projects
License     : GPLv2
Description : ulogd-pcap is an output plugin for ulogd that saves packet logs as PCAP file.
            : PCAP is a standard format that can be later analyzed by a lot of tools such as
            : tcpdump and wireshark.

Name        : ulogd-pgsql
Arch        : x86_64
Version     : 1.24
Release     : 15.fc16
Size        : 11 k
Repo        : fedora
Summary     : PostgreSQL output plugin for ulogd
URL         : http://gnumonks.org/projects
License     : GPLv2
Description : Ulogd-pgsql is a PostgreSQL output plugin for ulogd. It enables logging of
            : firewall information into a PostgreSQL database.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
05-21-2012, 09:36 PM
Paul Allen Newell
way to flush /var/log/message
On 5/21/2012 1:19 PM, Alan J. Gagne wrote:
On 5/21/2012 12:15 PM, Alan J. Gagne wrote:
>
> You could look at sending iptables messages to /var/log/iptables using
> rsyslog.
>
> http://blog.shadypixel.com/log-iptables-messages-to-a-separate-file-with-rsyslog/
>
> Alan
>
>
Alan:
Thanks for the reply. I did an initial read of the page and it looks
interesting. That being said, I'm going to have to take a few more
passes to make sure I understand it.
If I read correctly, it isn't a replacement for logging to
/var/log/messages, just a way to filter those logs into another log that
only gets what I want to see?
You can use it to redirect all iptables messages to a separate log only.
You may want to look at ulogd in the fedora repo. I have used this
in the past
for saving data to mysql.
Alan
Alan:
Thanks for letting me know that it wasn't what I expected on first
reading. I'll look into the ulogd.
Paul
05-22-2012, 12:07 AM
Max Pyziur
way to flush /var/log/message
On Sun, 20 May 2012, Paul Allen Newell wrote:
On 5/20/2012 5:20 AM, Mikkel L. Ellertson wrote:
On 05/19/2012 11:51 PM, Paul Allen Newell wrote:
> Hello:
>
> Is there a way to flush output to /etc/log/message so a tail -f
> catches things when they happen rather than what I think I am
> seeing as a buffer hold-until-full delay?
>
> Thanks in advance, Paul
What you are seeing is the last 10 lines of the file, and
then new additions as they are added to the file. This is the way
tail -f works. You may want to read the man or info page on tail.
Mikkel
JD: Thanks for the suggestions of things to "man" in your earlier reply
Mikkel: I understand tail. What I am having problems with is expecting to see
new additions from iptables logging rejections and not getting them until
much later, if at all? I just wanted to find out if there was a need/way to
make sure that nothing is "waiting" to be written as I don't know if there is
any buffering of output (something like fflush() in C++).
Suvayu and Reindl: Thanks for your suggestions.
To all: I am getting the sense from these answers that the assumption is that
anything that needs to be written to /var/log/messages happens on demand and
there is no buffering (as in "nobody replied that I need to do something to
flush").
One more suggestion; if I understand correctly, you want to tail -f a
logfile, but you only want to see certain events; perhaps this is what you
need:
Max Pyziur
pyz@brama.com
05-22-2012, 01:25 AM
Paul Allen Newell
way to flush /var/log/message
On 5/21/2012 5:07 PM, Max Pyziur wrote:
One more suggestion; if I understand correctly, you want to tail -f a
logfile, but you only want to see certain events; perhaps this is what
you need:
Thanks for email. Actually, I want to be able to see the message in
context of what's around it as I am still learning about iptables and
/var/log/messages. I tried a grep and it was even harder to see if
anything was happening as I could do an action which I knew would leave
a message right then and there.
To be honest, now that I found out that the problem with ssh from F16 to
Cygwin was POM on the Windows side (and notice I am not limiting to just
Cygwin (smile)), it has become "not so important". But some of the
suggestions look worth looking at as I've wanted a way to get debug
messages out of iptables into a file other than /var/log/messages as I
try to learn more about using iptables.
Paul
05-22-2012, 07:23 AM
jarmo
way to flush /var/log/message
Mon, 21 May 2012 18:25:44 -0700
Paul Allen Newell <pnewell@cs.cmu.edu> wrote:
> To be honest, now that I found out that the problem with ssh from F16
> to Cygwin was POM on the Windows side (and notice I am not limiting
> to just Cygwin (smile)), it has become "not so important". But some
> of the suggestions look worth looking at as I've wanted a way to get
> debug messages out of iptables into a file other
> than /var/log/messages as I try to learn more about using iptables.
>
> Paul
How about
http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html
and some basics http://gr8idea.info/os/tutorials/security/iptables5.html
Hopefully some help?
Jarmo
05-22-2012, 07:56 PM
Bill Davidsen
way to flush /var/log/message
Mikkel L. Ellertson wrote:
On 05/19/2012 11:51 PM, Paul Allen Newell wrote:
Hello:
Is there a way to flush output to /etc/log/message so a tail -f
catches things when they happen rather than what I think I am
seeing as a buffer hold-until-full delay?
Thanks in advance, Paul
What you are seeing is the last 10 lines of the file, and
then new additions as they are added to the file. This is the way
tail -f works. You may want to read the man or info page on tail.
tail -0f /var/log/messages
You get the existing lines you ask for, ten by default. And there is a buffering
option in syslogd, I just don't recall where I used to set it. I believe by
default it's line buffered, output at newline.
--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
05-22-2012, 08:01 PM
Bill Davidsen
way to flush /var/log/message
Paul Allen Newell wrote:
On 5/21/2012 5:48 AM, Tim wrote:
On Sun, 2012-05-20 at 11:35 -0700, Paul Allen Newell wrote:
I am having problems with is expecting to see new additions from
iptables logging rejections and not getting them until much later, if
at all? I just wanted to find out if there was a need/way to make sure
that nothing is "waiting" to be written as I don't know if there is any
buffering of output (something like fflush() in C++).
You can configure iptables to log to somewhere else. Another file, or
directly to a console.
Tim:
When I first looked into the man pages et al for iptables, I found the LOG but
no way to specify a file. The best I could sort out was using a prefix so I
would at least have a token to search for in /var/log/messages.
I just did a quick google to see if I missed something. The only thing I see is
a level and a link to syslog.conf, which I did not get on first reading (and it
didn't feel like where I should be looking to begin with).
Can you point me to a link?
/etc/rsyslog.conf and its man page. Define a debug.log and have debug stuff go
there, by setting the level to debug.
--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
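Alan's rsyslog link earlier in the thread and Bill's "/etc/rsyslog.conf and its man page" advice above come down to the same small drop-in, so here is that configuration as an added example. It is not code from the thread, from Fedora or from the rsyslog project. The prefix "IPT: ", the target file /var/log/iptables, the drop-in name /etc/rsyslog.d/iptables.conf and the chain name LOGREJ are assumptions, and it assumes Fedora's stock /etc/rsyslog.conf, where /etc/rsyslog.d/*.conf is included before the rule that feeds /var/log/messages.

```shell
#!/bin/sh
# Added example, not from the thread. Route iptables LOG lines to their own
# file with rsyslog and keep them out of /var/log/messages.
# Assumes Fedora's stock /etc/rsyslog.conf, which includes /etc/rsyslog.d/*.conf
# before the "*.info;mail.none;authpriv.none;cron.none /var/log/messages" rule,
# so a drop-in can claim and discard the lines first. Check that ordering on
# your box before relying on it.

PREFIX="IPT: "                          # assumed prefix; keep the trailing space
LOGFILE="/var/log/iptables"             # assumed target file
DROPIN="/etc/rsyslog.d/iptables.conf"   # assumed drop-in name

# Print the rsyslog drop-in for a given prefix and target file.
iptables_rsyslog_conf() {
    prefix=$1
    logfile=$2
    cat <<EOF
# Kernel lines carrying the iptables LOG prefix go to their own file.
# The "-" before the path is the old syslog "do not fsync after each write"
# flag; rsyslog accepts it but does not fsync by default anyway, and its file
# output flushes at the end of each batch of messages, so "tail -f" sees
# lines promptly without any extra flush step.
:msg, contains, "${prefix}" -${logfile}
# Discard the matched line so later rules (the /var/log/messages one) skip it.
& ~
# Alternative, closer to Bill's suggestion: route everything the kernel logs
# at debug priority to a debug log, and use --log-level debug on the LOG rule.
# kern.=debug -/var/log/debug.log
EOF
}

# Write the drop-in, parse-check the config (rsyslogd -N1 only checks and
# exits), then restart rsyslog. Root only.
install_iptables_logging() {
    [ "$(id -u)" -eq 0 ] || { echo "install_iptables_logging: run as root" >&2; return 1; }
    iptables_rsyslog_conf "$PREFIX" "$LOGFILE" > "$DROPIN"
    rsyslogd -N1 || return 1
    systemctl restart rsyslog.service
}

# A log-then-reject chain using the prefix. Two things bite people here:
#  * --log-prefix is printed directly in front of "IN=", so end it with a space
#    or the first field comes out as "IPT:IN=em1";
#  * iptables LOG defaults to priority warning; if you choose --log-level debug,
#    Fedora's "*.info ... /var/log/messages" rule will not show it at all, which
#    is exactly when the dedicated file above matters.
add_log_rule() {
    [ "$(id -u)" -eq 0 ] || { echo "add_log_rule: run as root" >&2; return 1; }
    iptables -N LOGREJ 2>/dev/null || iptables -F LOGREJ
    iptables -A LOGREJ -m limit --limit 10/min --limit-burst 20 \
        -j LOG --log-level warning --log-prefix "$PREFIX"
    iptables -A LOGREJ -j REJECT --reject-with icmp-host-unreachable
}

# Follow only new lines (no backlog), the same thing Bill's "tail -0f" does.
watch_iptables_log() {
    tail -n 0 -f "$LOGFILE"
}

# Stand-alone run: show the drop-in that install_iptables_logging would write.
iptables_rsyslog_conf "$PREFIX" "$LOGFILE"
```

Run install_iptables_logging and add_log_rule as root, then watch_iptables_log in one terminal while you trigger a rejected connection from another; the line should appear immediately, since there is no application-side buffer between the kernel and rsyslog to flush. If it does not, the usual culprits are the priority (a debug-level LOG rule with only the default *.info rule) or the drop-in being included after the /var/log/messages rule.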
05-22-2012, 08:05 PM
Bill Davidsen
way to flush /var/log/message
Paul Allen Newell wrote:
On 5/21/2012 5:07 PM, Max Pyziur wrote:
One more suggestion; if I understand correctly, you want to tail -f a logfile,
but you only want to see certain events; perhaps this is what you need:
Thanks for email. Actually, I want to be able to see the message in context of
what's around it as I am still learning about iptables and /var/log/messages. I
tried a grep and it was even harder to see if anything was happening as I could
do an action which I knew would leave a message right then and there.
To be honest, now that I found out that the problem with ssh from F16 to Cygwin
was POM on the Windows side (and notice I am not limiting to just Cygwin
(smile)), it has become "not so important". But some of the suggestions look
worth looking at as I've wanted a way to get debug messages out of iptables into
a file other than /var/log/messages as I try to learn more about using iptables.
From part of my firewall startup, a few LOG calls which might help.
# LOG and REJECT anything which looks like a probe
iptables -N PROBE
iptables -A PROBE -j LOG --log-level debug --log-prefix PROBE:
iptables -A PROBE -j REJECT --reject-with icmp-host-unreachable
--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
05-23-2012, 06:57 PM
Paul Allen Newell
way to flush /var/log/message
On 5/22/2012 1:05 PM, Bill Davidsen wrote:
From part of my firewall startup, a few LOG calls which might help.
# LOG and REJECT anything which looks like a probe
iptables -N PROBE
iptables -A PROBE -j LOG --log-level debug --log-prefix PROBE:
iptables -A PROBE -j REJECT --reject-with icmp-host-unreachable
Bill:
Thanks for reply and apologies for delay in getting back to you (got hit
with eth0/em1 issue).
I went to the iptables man pages and, if I understand your suggestion
correctly, you are creating a new chain called PROBE which then logs and
rejects.
My question is "what constitutes a probe?". I can see some references
online to probes being tcp for broken email, but not much more. I am
certain I am missing something in what you offered and what I find in
the man pages.
Paul
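Bill's PROBE chain logs and rejects whatever is sent to it, but the rules that decide what gets sent there are not in his post, which is Paul's "what constitutes a probe?" question. The following is an added example, not Bill's rules or anything else from the thread: the three jump rules are one common, assumed definition of a probe (INVALID packets, "new" TCP that is not a plain SYN, and new TCP connections nothing earlier accepted), and the summarizer reads the resulting PROBE: lines back out of the log so you can see what is hitting you instead of grepping by eye. The sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Feeds Bill's PROBE chain and summarizes
# what it logged. The jump rules are one common, assumed definition of "probe";
# the sample log lines are constructed.

PREFIX="PROBE:"   # Bill's prefix; it has no trailing space, so it fuses with IN=

# Build the PROBE chain and send suspicious traffic to it. Root only. Append
# these AFTER your rules accepting ESTABLISHED,RELATED traffic and the services
# you actually offer, since the last rule sends every remaining new TCP
# connection to PROBE. The limit match keeps a scan from flooding the log.
# Note: with --log-level debug, Fedora's default "*.info" rule drops these
# lines, so give them a kern.debug or prefix-matched rule in rsyslog.
install_probe_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "install_probe_rules: run as root" >&2; return 1; }
    iptables -N PROBE 2>/dev/null || iptables -F PROBE
    iptables -A PROBE -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-level debug --log-prefix "$PREFIX"
    iptables -A PROBE -j REJECT --reject-with icmp-host-unreachable
    # packets conntrack cannot place in any connection
    iptables -A INPUT -m conntrack --ctstate INVALID -j PROBE
    # "new" TCP that is not a plain SYN: NULL, FIN and XMAS scans land here
    iptables -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j PROBE
    # new TCP connections to anything not accepted above: closed-port probes
    iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j PROBE
}

# Summarize PROBE lines read on stdin as "count src proto dpt", busiest first.
# Works on /var/log/messages or on a dedicated file; non-kernel lines and
# kernel lines without the prefix are ignored. Fields are parsed by their
# KEY=VALUE form, so the fused "PROBE:IN=em1" token does no harm.
summarize_probes() {
    awk -v pfx="$PREFIX" '
        index($0, "kernel:") && index($0, pfx) {
            src = "?"; proto = "?"; dpt = "-"
            for (i = 1; i <= NF; i++) {
                n = index($i, "=")
                if (n == 0) continue
                k = substr($i, 1, n - 1); v = substr($i, n + 1)
                if (k == "SRC") src = v
                else if (k == "PROTO") proto = v
                else if (k == "DPT") dpt = v
            }
            hits[src " " proto " " dpt]++
        }
        END { for (key in hits) print hits[key], key }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample: two telnet probes from one host, an RDP probe and a ping
# from another, plus two unrelated lines that must be ignored.
SAMPLE_LOG='May 21 12:15:01 f16 kernel: [ 8123.440521] PROBE:IN=em1 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=54321 PROTO=TCP SPT=44123 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
May 21 12:15:02 f16 kernel: [ 8124.001337] PROBE:IN=em1 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=54322 PROTO=TCP SPT=44124 DPT=23 WINDOW=1024 RES=0x00 FIN URGP=0
May 21 12:15:03 f16 kernel: [ 8125.110042] PROBE:IN=em1 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1001 DF PROTO=TCP SPT=51002 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0
May 21 12:15:04 f16 kernel: [ 8126.020911] PROBE:IN=em1 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.4 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=1002 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
May 21 12:15:05 f16 sshd[1234]: Accepted publickey for paul from 192.0.2.20 port 50022 ssh2
May 21 12:15:06 f16 kernel: [ 8128.300000] em1: link is up'

# Stand-alone run on the constructed sample; no root needed.
printf '%s\n' "$SAMPLE_LOG" | summarize_probes
```

On a live box, `summarize_probes < /var/log/messages` (or the dedicated file) gives the per-source picture; for the live view Paul wanted, `tail -n 0 -f /var/log/messages | grep --line-buffered PROBE:` shows each hit as it lands, and the `--line-buffered` flag matters because grep writing to a pipe otherwise buffers its output and looks exactly like the delay this thread started with.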
05-23-2012, 07:05 PM
Paul Allen Newell
way to flush /var/log/message
On 5/22/2012 12:56 PM, Bill Davidsen wrote:
tail -0f /var/log/messages
You get the existing lines you ask for, ten by default. And there is a
buffering option in syslogd, I just don't recall where I used to set
it. I believe by default it's line buffered, output at newline.
Bill:
Thanks for the info on "belief it is line buffered". That's what I
needed to know.
Paul