[FLUG] Re: problema di spam di apache

On 11/9/06, Carlo Minucci <gecco@xxxxxxxxxxxx> wrote:



comunque, visto che state facendo iptables, dimmi il modo di avere i
log di iptables in un file che gli dico io, tipo /var/log/fw.log



C'è la catena LOG fatta a posta ;)
Ale

LOG
      Turn  on  kernel  logging  of  matching packets.  When this option is
set for a rule, the Linux kernel will print some information on all matching
      packets (like most IP header fields) via the kernel log (where it can
be read with dmesg or syslogd(8)).  This is a "non-terminating target", i.e.
      rule  traversal continues at the next rule.  So if you want to LOG
the packets you refuse, use two separate rules with the same matching
criteria,
      first using target LOG then DROP (or REJECT).

      --log-level level
             Level of logging (numeric or see syslog.conf(5)). The default
level is warning.

      --log-prefix prefix
             Prefix log messages with the specified prefix; up to 29
letters long, and useful for distinguishing messages in the logs.

      --log-tcp-sequence
             Log TCP sequence numbers. This is a security risk if the log
is readable by users.

      --log-tcp-options
             Log options from the TCP packet header.

      --log-ip-options
             Log options from the IP packet header.

Other related posts: