Wednesday, July 27, 2011

How to log iptables on a separate file or directory in linux (debian 6.0)

Is it a pain to pick your iptables log lines out of the general system logs (syslog, messages, kern.log)?

The solution is to send your iptables log lines to a file of their own.

In Debian 6.0 you do this with rsyslog, which is the default syslog daemon. (If it is not on your server, install it with apt-get: "apt-get install rsyslog".)

Here are the steps:

1. Create a configuration file for iptables in rsyslog's include directory (as root).
$cd /etc/rsyslog.d
$nano iptables.conf

2. Inside the configuration file add the following. The string inside the double quotes is the prefix that your iptables LOG rules will put on every line, so it must be exactly the same in both places, spaces and colons included: rsyslog's "contains" test is a plain substring match, and a prefix that differs by a single character silently matches nothing. The "& ~" line discards the message the filter above it just matched, so it is not written to syslog and kern.log a second time; it only applies to the filter line directly above it, so put one after each filter.
:msg, contains, "luifirewall:ssh_trusted: " /var/log/iptables/ssh_trusted.log
& ~
:msg, contains, "luifirewall:ssh_illegal: " /var/log/iptables/ssh_illegal.log
& ~
Create the log directory (mkdir -p /var/log/iptables) and restart rsyslog (/etc/init.d/rsyslog restart) so the new file is read.

3. Use exactly the same prefix in your iptables logging rules.
example:
$IPTABLES -A ssh-in -j LOG --log-prefix "luifirewall:ssh_trusted: "
Two caveats: --log-prefix is cut off after 29 characters, so keep your prefixes short, and a LOG rule without "-m limit" lets anyone who can reach the port fill your disk with log lines (and drown the lines you actually care about).

4. Don't forget to add your log files to the logrotate service, or they will eventually eat up your disk. To do this, follow the steps below.

a. Go to the logrotate directory and create a logrotate configuration file.
$cd /etc/logrotate.d
$nano iptables

b. Insert the following. rsyslog keeps the log file open, so after logrotate renames it rsyslog would keep writing into the rotated (and later compressed) copy; the postrotate block tells rsyslog to reopen its files, the same way Debian's own /etc/logrotate.d/rsyslog entry does. Without it, "sharedscripts" has nothing to share.
/var/log/iptables/*.log {
daily
missingok
rotate 6
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
invoke-rc.d rsyslog reload > /dev/null
endscript
}

5. You're done! Have fun!
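The whole procedure above, as an added example that is not code from the original post: one shell script that generates the rsyslog filter, the iptables LOG rules and the logrotate entry from a single list of classes, so the rsyslog "contains" string can never drift from the --log-prefix used in the firewall. Everything beyond the post's own file names and prefixes is my assumption: the ROOT prefix directory (so you can dry-run it without root), the /etc/iptables-log-rules.sh output file, the "-m limit" values, the route_lines function that emulates the rsyslog filters offline, and the sample log lines, which are constructed, not captured.

```shell
#!/bin/sh
# Added example, not code from the original post.  One list of classes drives
# the rsyslog filter, the iptables LOG rules and the logrotate entry.
# ROOT (hypothetical) is a prefix directory so the script can be dry-run without
# root; ROOT=/ writes the real files.  The sample log lines are constructed.

PREFIX_TAG="luifirewall"          # tag shared by all rules, from the post
CLASSES="ssh_trusted ssh_illegal" # one log file per class, from the post
MAX_PREFIX_LEN=29                 # iptables LOG keeps at most 29 characters of prefix

# log_prefix CLASS -> the one string used by both iptables and rsyslog
log_prefix() {
    printf '%s:%s: ' "$PREFIX_TAG" "$1"
}

# check_prefix_len CLASS -> true if the prefix fits the iptables limit (excess is silently cut)
check_prefix_len() {
    p=$(log_prefix "$1")
    [ "${#p}" -le "$MAX_PREFIX_LEN" ]
}

# rsyslog_fragment -> /etc/rsyslog.d/iptables.conf; '& ~' after EVERY filter,
# otherwise only the last class is kept out of syslog and kern.log
rsyslog_fragment() {
    for c in $CLASSES; do
        printf ':msg, contains, "%s" /var/log/iptables/%s.log\n' "$(log_prefix "$c")" "$c"
        printf '& ~\n'
    done
}

# iptables_rules -> LOG rules for the post's ssh-in chain (the matches deciding
# trusted vs illegal precede them in the real rule set).  -m limit is an added
# choice: it stops a remote peer from filling the disk by hammering port 22.
iptables_rules() {
    for c in $CLASSES; do
        check_prefix_len "$c" || { echo "prefix for $c longer than $MAX_PREFIX_LEN" >&2; return 1; }
        printf 'iptables -A ssh-in -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "%s"\n' \
            "$(log_prefix "$c")"
    done
}

# logrotate_fragment -> /etc/logrotate.d/iptables; postrotate makes rsyslog reopen
# the files, otherwise it keeps writing into the rotated copy
logrotate_fragment() {
    cat <<'EOF'
/var/log/iptables/*.log {
    daily
    missingok
    rotate 6
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
        invoke-rc.d rsyslog reload > /dev/null
    endscript
}
EOF
}

# install_logging ROOT -> write the three files under ROOT (then restart rsyslog by hand)
install_logging() {
    root=${1:?usage: install_logging ROOT}
    mkdir -p "$root/etc/rsyslog.d" "$root/etc/logrotate.d" "$root/var/log/iptables"
    rsyslog_fragment   > "$root/etc/rsyslog.d/iptables.conf"
    logrotate_fragment > "$root/etc/logrotate.d/iptables"
    iptables_rules     > "$root/etc/iptables-log-rules.sh"   # hypothetical file name
}

# route_lines ROOT <stdin -> emulate the filters offline: a line goes to the first
# class whose prefix it contains and is dropped there; the rest (what syslog would
# still receive) is echoed to stdout
route_lines() {
    root=$1
    while IFS= read -r line; do
        routed=0
        for c in $CLASSES; do
            p=$(log_prefix "$c")
            case $line in
                *"$p"*) printf '%s\n' "$line" >> "$root/var/log/iptables/$c.log"; routed=1; break ;;
            esac
        done
        [ "$routed" -eq 1 ] || printf '%s\n' "$line"
    done
}

# lines_for CLASS FILE -> how many lines in FILE carry CLASS's prefix
lines_for() {
    grep -c -F "$(log_prefix "$1")" "$2" || true
}

# Constructed kern.log-style sample (not captured traffic): two trusted, one illegal, one unrelated
SAMPLE_LOG='Jul 27 10:00:01 lui kernel: [1001.1] luifirewall:ssh_trusted: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22
Jul 27 10:00:02 lui kernel: [1002.2] luifirewall:ssh_illegal: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP DPT=22
Jul 27 10:00:03 lui kernel: [1003.3] luifirewall:ssh_trusted: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=TCP DPT=22
Jul 27 10:00:04 lui sshd[123]: Accepted publickey for admin from 192.0.2.10 port 5000 ssh2'

# Usage: ROOT=/tmp/dryrun sh iptables-logging.sh --install   (ROOT=/ on the real host, as root)
if [ "${1:-}" = "--install" ]; then
    install_logging "${ROOT:-/}" && echo "files written under ${ROOT:-/}; now run: /etc/init.d/rsyslog restart"
fi
```

Run it with ROOT pointing at a scratch directory first and inspect the three generated files; pipe a few lines of your real kern.log through route_lines against the same directory to see which class each line lands in before you touch /etc. The prefix length check matters because iptables truncates a long --log-prefix without complaint, and a truncated prefix no longer matches the rsyslog filter.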
