~alpine/users

iptables log via busybox syslog to a file

Peter Libassi <peter@libassi.se>
Message ID: <2B706E47-843E-4C47-BE9B-17F62BC655AA@libassi.se>
Hi,                                                                             
                                                                                
I can't get iptables to LOG to a file via busybox syslog:
                                                                                
mordor:/var/log# uname -a                                                       
Linux mordor 4.19.72-0-vanilla #1-Alpine SMP Wed Sep 11 12:44:45 UTC 2019 x86_64
                                                                                
mordor:/var/log# cat /etc/syslog.conf                                           
kern.warning /var/log/iptables.log                                              
                                                                                
mordor:/var/log# rc-service syslog restart                                      
* WARNING: you are stopping a boot service                                      
* Stopping busybox crond ...                                             [ ok ] 
* Stopping busybox syslog ...                                            [ ok ] 
* Starting busybox syslog ...                                                   
                                                                                
mordor:/var/log# logger -p kern.warning hello                                   
mordor:/var/log# cat iptables.log                                               
Sep 16 22:30:38 mordor kern.warn root: hello                                    
                                                                                
mordor:/var/log# iptables -A FORWARD -j LOG --log-level 4                       
mordor:/var/log# iptables -A INPUT -j LOG --log-level 4                         
                                                                                
mordor:/var/log# iptables -L -v                                                 
Chain INPUT (policy ACCEPT 129 packets, 8595 bytes)                             
pkts bytes target     prot opt in     out     source               destination  
 744 51353 LOG        all  --  any    any     anywhere             anywhere     
                                                                                
Chain FORWARD (policy ACCEPT 981 packets, 391K bytes)                           
pkts bytes target     prot opt in     out     source               destination  
 981  391K LOG        all  --  any    any     anywhere             anywhere     
                                                                                
Chain OUTPUT (policy ACCEPT 87 packets, 10796 bytes)                            
pkts bytes target     prot opt in     out     source               destination  
                                                                                
mordor:/var/log# cat iptables.log                                               
Sep 16 22:30:38 mordor kern.warn root: hello                                    
                                                                                
                                                                                
What am I missing?                                                              
Thanks   
Peter
Konstantin Kulikov <k.kulikov2@gmail.com>
Message ID: <CAD+eXGQXnMVSXRJZFuEaqgUFUk8cr55h_E4R8scr0xsY7to3Mw@mail.gmail.com>
In-Reply-To: <2B706E47-843E-4C47-BE9B-17F62BC655AA@libassi.se>
Iptables logs into kernel ring buffer, you need to have klogd running
to forward it to syslog.

On Mon, Sep 16, 2019 at 8:46 PM Peter Libassi <peter@libassi.se> wrote:
>
> Hi,
>
> I can't get iptables to LOG to a file via busybox syslog:
>
> mordor:/var/log# uname -a
> Linux mordor 4.19.72-0-vanilla #1-Alpine SMP Wed Sep 11 12:44:45 UTC 2019 x86_64
>
> mordor:/var/log# cat /etc/syslog.conf
> kern.warning /var/log/iptables.log
>
> mordor:/var/log# rc-service syslog restart
> * WARNING: you are stopping a boot service
> * Stopping busybox crond ...                                             [ ok ]
> * Stopping busybox syslog ...                                            [ ok ]
> * Starting busybox syslog ...
>
> mordor:/var/log# logger -p kern.warning hello
> mordor:/var/log# cat iptables.log
> Sep 16 22:30:38 mordor kern.warn root: hello
>
> mordor:/var/log# iptables -A FORWARD -j LOG --log-level 4
> mordor:/var/log# iptables -A INPUT -j LOG --log-level 4
>
> mordor:/var/log# iptables -L -v
> Chain INPUT (policy ACCEPT 129 packets, 8595 bytes)
> pkts bytes target     prot opt in     out     source               destination
>  744 51353 LOG        all  --  any    any     anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT 981 packets, 391K bytes)
> pkts bytes target     prot opt in     out     source               destination
>  981  391K LOG        all  --  any    any     anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT 87 packets, 10796 bytes)
> pkts bytes target     prot opt in     out     source               destination
>
> mordor:/var/log# cat iptables.log
> Sep 16 22:30:38 mordor kern.warn root: hello
>
>
> What am I missing?
> Thanks
> Peter
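
Added example, not part of the original thread or of Alpine's own tooling: shell functions that check the two hops described in the reply above, namely that klogd is running and that a syslog.conf rule accepts kern messages at the iptables --log-level. The function names and the one-selector-per-line assumption are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Checks the hops an iptables LOG line
# needs: kernel ring buffer -> klogd -> syslogd -> file named in syslog.conf.
# Assumption: one "facility.level destination" selector per line.

# Map a syslog level name to its number (0 = emerg ... 7 = debug).
level_num() {
    case "$1" in
        emerg|panic) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;;
        err|error) echo 3 ;; warning|warn) echo 4 ;; notice) echo 5 ;;
        info) echo 6 ;; debug) echo 7 ;; *) return 1 ;;
    esac
}

# Print each destination in syslog.conf ($1) that receives kern messages of
# numeric level $2. "kern.warning" matches level 4 and anything more severe.
kern_destinations() {
    while read -r sel dest; do
        case "$sel" in ''|'#'*) continue ;; esac
        fac=${sel%%.*}; min=${sel#*.}
        [ "$fac" = kern ] || [ "$fac" = '*' ] || continue
        if [ "$min" = '*' ]; then echo "$dest"; continue; fi
        n=$(level_num "$min") || continue
        if [ "$2" -le "$n" ]; then echo "$dest"; fi
    done < "$1"
    return 0
}

# Succeed if a klogd process appears in the `ps` output read from stdin.
klogd_in_ps() { grep -Eq '(^|[ /])klogd( |$)'; }

# diagnose CONF LEVEL, with `ps` output on stdin.
# Returns 0 if the path is complete, 1 if klogd is missing, 2 if no rule matches.
diagnose() {
    if ! klogd_in_ps; then
        echo "klogd not running: LOG lines stay in the kernel ring buffer (see dmesg)"
        return 1
    fi
    dests=$(kern_destinations "$1" "$2")
    if [ -z "$dests" ]; then
        echo "no syslog.conf rule receives kern messages at level $2"
        return 2
    fi
    echo "ok: kern level $2 -> $dests"
}

# Live use on the affected host: ps | diagnose /etc/syslog.conf 4
```

On Alpine with OpenRC, klogd is started with `rc-service klogd start` and enabled at boot with `rc-update add klogd boot`, assuming the stock busybox klogd init script is installed.
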
Peter Libassi <peter@libassi.se>
Message ID: <6F26230B-BB73-4E3C-8230-AC457F8CBFC5@libassi.se>
In-Reply-To: <CAD+eXGQXnMVSXRJZFuEaqgUFUk8cr55h_E4R8scr0xsY7to3Mw@mail.gmail.com>
Yes! Of course, since I could see the iptables logs using the command 'dmesg'. Starting klogd did the trick, I can now see the iptables log in /var/log/iptables.log.

I’m new on Alpine, love it already, just moved from Arch Linux since I never could be friends with systemd.

Thanks 
Peter

> On 17 Sep 2019, at 16:52, Konstantin Kulikov <k.kulikov2@gmail.com> wrote:
> 
> Iptables logs into kernel ring buffer, you need to have klogd running
> to forward it to syslog.
> 
> On Mon, Sep 16, 2019 at 8:46 PM Peter Libassi <peter@libassi.se> wrote:
>> 
PICCORO McKAY Lenz <mckaygerhard@gmail.com>
Message ID: <CALci+FQRcwnFOYGBCDyDZ_R7j4cKFjX4aKMOGbe7TFg=C-RtiQ@mail.gmail.com>
In-Reply-To: <6F26230B-BB73-4E3C-8230-AC457F8CBFC5@libassi.se>
great!

On Tue, Sep 17, 2019 at 12:03, Peter Libassi
(peter@libassi.se) wrote:
>
> Yes! Of course, since I could see the iptables logs using the command 'dmesg'. Starting klogd did the trick, I can now see the iptables log in /var/log/iptables.log.
>
> I’m new on Alpine, love it already, just moved from Arch Linux since I never could be friends with systemd.
>
> Thanks
> Peter
>
> > On 17 Sep 2019, at 16:52, Konstantin Kulikov <k.kulikov2@gmail.com> wrote:
> >
> > Iptables logs into kernel ring buffer, you need to have klogd running
> > to forward it to syslog.
> >
> > On Mon, Sep 16, 2019 at 8:46 PM Peter Libassi <peter@libassi.se> wrote:
> >>