Wednesday, July 27, 2011

How to log iptables to a separate file or directory in Linux (Debian 6.0)

Is it a pain to find your iptables logs among your system logs (syslog/messages/kernel)?

The solution for this is to put your iptables logs in a different file.

In Debian 6.0, you can do this by using rsyslog. (If you don't have it on your server, you can install it with apt-get: "apt-get install rsyslog".)

Here are the steps:

1. You need to create a configuration file for iptables. Go to the rsyslog directory.
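$ cd /etc/rsyslog.d
$ nano iptables.conf

2. Inside your configuration file you need to add the following. Just modify the part inside the double quotes to your needs. These are the prefixes that you'll be using in your iptables rules, so each string must appear exactly as written in the --log-prefix of the matching rule. The "& ~" line discards the messages matched by the filter just above it, so they don't also end up in the system logs.
:msg, contains, "luifirewall:ssh_trusted: " /var/log/iptables/ssh_trusted.log
& ~
:msg, contains, "luifirewall:ssh_illegal: " /var/log/iptables/ssh_illegal.log
& ~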

3. Take note of the prefix that you used above. In your iptables rules, add it in your logging rules.
$IPTABLES -A ssh-in -j LOG --log-prefix "luifirewall:ssh_trusted: "

4. Don't forget to add your log file to the logrotate service. You don't want this log to eat up your space, right? To do this, follow the steps below.

a. Go to the logrotate directory and create a logrotate configuration file.
$ cd /etc/logrotate.d
$ nano iptables

b. Insert the following.
/var/log/iptables/*.log {
    rotate 6
    create 640 root adm
}

5. You're done! Have fun!
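
A quick check for steps 2 and 3, added here as an example and not part of the original post: rsyslog's "contains" is a plain substring match, so a filter string that differs from the --log-prefix by one character never matches and the entries stay in the system logs. The script assumes the rules are available in iptables-save format; the function names and the sample data are made up for illustration.

```shell
# Added example: cross-check rsyslog filters against iptables LOG prefixes.
# Assumes iptables-save style rules; all function names are hypothetical.

# Print the quoted string of every ':msg, contains, "..."' filter.
rsyslog_filters() {
    sed -n 's/^:msg, *contains, *"\([^"]*\)".*/\1/p' "$1"
}

# Print the value of every --log-prefix "..." option.
iptables_prefixes() {
    sed -n 's/.*--log-prefix "\([^"]*\)".*/\1/p' "$1"
}

# Print one line per problem; print nothing when both files agree.
find_problems() {
    conf=$1; rules=$2
    # "contains" is a substring match, so each filter string must occur
    # verbatim (underscores, colons, trailing space) in some log prefix.
    rsyslog_filters "$conf" | while IFS= read -r f; do
        iptables_prefixes "$rules" | grep -qF -- "$f" ||
            echo "filter matches no log prefix: \"$f\""
    done
    # The LOG target accepts prefixes of at most 29 characters.
    iptables_prefixes "$rules" | while IFS= read -r p; do
        [ "${#p}" -le 29 ] || echo "log prefix over 29 chars: \"$p\""
    done
}

# Return 0 when no problem is found, 1 otherwise (problems go to stdout).
check_prefixes() {
    problems=$(find_problems "$1" "$2")
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample: the second filter does not match its rule's prefix.
tmp=$(mktemp -d)
cat > "$tmp/iptables.conf" <<'EOF'
:msg, contains, "luifirewall:ssh_trusted: " /var/log/iptables/ssh_trusted.log
:msg, contains, "luifirewall:ssh illegal " /var/log/iptables/ssh_illegal.log
EOF
cat > "$tmp/rules.v4" <<'EOF'
-A ssh-in -s 192.0.2.10/32 -j LOG --log-prefix "luifirewall:ssh_trusted: "
-A ssh-in -j LOG --log-prefix "luifirewall:ssh_illegal: "
EOF
check_prefixes "$tmp/iptables.conf" "$tmp/rules.v4" || echo "fix the filters listed above"
rm -rf "$tmp"
```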

How to Clear Swap Space in Linux (Debian 6.0)

Last time, I posted how to clear the memory cache in linux. This time, I will post on how to clear the memory swap space.

There are very few steps.

1. Clear the swap by turning it off.
$ swapoff -a
2. Turn on the swap.
$ swapon -a

You can also do this in one line.
$ swapoff -a && swapon -a

Friday, July 1, 2011

How to Clear Cache on Squid 3 - Debian 6.0

There are 4 steps in clearing the cache of squid3.

1. Stop squid3.
$ /etc/init.d/squid3 stop

2. Delete the cache directory.
$ rm -Rf /var/spool/squid3/*

3. Create swap directories.
$ squid3 -z

4. Start squid3.
$ /etc/init.d/squid3 start

To make it easier, you can just do it in one shot.
Here's a script that I made to do that.

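#!/bin/sh
# clear cache squid3 by lui 06-01-2011

# Stop squid3 before touching its cache directory.
/etc/init.d/squid3 stop
sleep 1
# Delete the cached objects.
rm -Rf /var/spool/squid3/*
sleep 1
# Recreate the swap directories.
squid3 -z
sleep 1
/etc/init.d/squid3 start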

After clearing the cache, you can verify it by using "squidclient" to check squid cache storage.
1. Install squidclient.
$ apt-get install squidclient

2. Check the cache storage capacity.
$ squidclient mgr:storedir

Look for this line:
Current Capacity: 0% used, 100% free