logs

Pavel Korner pkorner at vakmb.cz
Friday May 16 09:33:07 CEST 2003


In /etc/syslogd.conf I had (abbreviated):
---
#kern.*	/dev/console
*.info;mail.none;authpriv.none;cron.none		/var/log/messages
authpriv.*						/var/log/secure
mail.*							/var/log/maillog
cron.*							/var/log/cron
*.emerg							*
uucp,news.crit						/var/log/spooler
local7.*						/var/log/boot.log
---

Because I run an iptables firewall, I log port scans, attempts to access services, etc.
E.g. ...$IPT -A SCAN -m limit --limit 2/s -j LOG --log-level info --log-prefix "**PORTSCAN**"...
It ran nicely and the following appeared in /var/log/messages:

May 14 10:37:38 hampson kernel: **PORTSCAN**IN=eth0 OUT=
MAC=00:60:97:2e:d4:28:00:02:fd:cd:07:ad:08:00 SRC=195.47.58.81
DST=194.212.159.150 LEN=40 TOS=0x00 PREC=0x20 TTL=119 ID=56582 DF PROTO=TCP
SPT=3732 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0
May 14 10:37:54 hampson kernel: **PORTSCAN**IN=eth0 OUT=
MAC=00:60:97:2e:d4:28:00:02:fd:cd:07:ad:08:00 SRC=195.47.58.81
DST=194.212.159.150 LEN=40 TOS=0x00 PREC=0x20 TTL=119 ID=57062 DF PROTO=TCP
SPT=3759 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0
May 14 10:37:55 hampson kernel: **PORTSCAN**IN=eth0 OUT=
MAC=00:60:97:2e:d4:28:00:02:fd:cd:07:ad:08:00 SRC=195.47.58.81
DST=194.212.159.150 LEN=40 TOS=0x00 PREC=0x20 TTL=119 ID=57151 DF PROTO=TCP
SPT=3762 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0

I wanted to improve this, so I created /var/log/iptables
and added the following to the syslog configuration:

# iptables logs
kern.*							/var/log/iptables

I restarted logging, but since then only the following appears in /var/log/messages:

May 14 11:35:28 hampson exiting on signal 15
May 14 11:35:30 hampson syslogd 1.4.1: restart.
May 14 11:55:24 hampson -- MARK --
May 14 12:15:24 hampson -- MARK --
May 14 12:35:24 hampson -- MARK --

and nothing at all is written to /var/log/iptables.

Where did I make the mistake?

Thanks
Cochtan
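As an added example (not part of the post or its author's setup), the following Python parses netfilter LOG lines of the kind quoted above and summarizes hits per source address, which is what one would run over /var/log/iptables once the routing works. The sample input is the post's three wrapped log lines joined back into single lines plus one MARK line to show that non-kernel lines are skipped; note that because --log-prefix "**PORTSCAN**" has no trailing space, the prefix is fused to IN=, so the parser splits on the first IN= rather than on whitespace.

```python
import re
from collections import defaultdict

# Sample lines taken from the post above (wrapped lines joined back into one line each); the MARK line shows non-kernel lines are skipped.
SAMPLE_LOG = """\
May 14 10:37:38 hampson kernel: **PORTSCAN**IN=eth0 OUT= MAC=00:60:97:2e:d4:28:00:02:fd:cd:07:ad:08:00 SRC=195.47.58.81 DST=194.212.159.150 LEN=40 TOS=0x00 PREC=0x20 TTL=119 ID=56582 DF PROTO=TCP SPT=3732 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0
May 14 10:37:54 hampson kernel: **PORTSCAN**IN=eth0 OUT= MAC=00:60:97:2e:d4:28:00:02:fd:cd:07:ad:08:00 SRC=195.47.58.81 DST=194.212.159.150 LEN=40 TOS=0x00 PREC=0x20 TTL=119 ID=57062 DF PROTO=TCP SPT=3759 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0
May 14 10:37:55 hampson kernel: **PORTSCAN**IN=eth0 OUT= MAC=00:60:97:2e:d4:28:00:02:fd:cd:07:ad:08:00 SRC=195.47.58.81 DST=194.212.159.150 LEN=40 TOS=0x00 PREC=0x20 TTL=119 ID=57151 DF PROTO=TCP SPT=3762 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0
May 14 11:55:24 hampson -- MARK --
"""

KERNEL_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) kernel: (.*)$")  # timestamp, host, body

def parse_netfilter_line(line):
    """Return a dict for one netfilter LOG line, or None for any other line."""
    m = KERNEL_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts, host, body = m.groups()
    # The log prefix is everything before the first IN= token; with --log-prefix "**PORTSCAN**"
    # (no trailing space) it is fused to IN=, so whitespace alone cannot separate it from the fields.
    idx = body.find("IN=")
    if idx < 0:
        return None
    fields, flags = {}, set()
    for token in body[idx:].split():
        if "=" in token:
            key, val = token.split("=", 1)
            fields[key] = val      # OUT= yields an empty string
        else:
            flags.add(token)       # bare tokens such as DF, RST, SYN
    return {"ts": ts, "host": host, "prefix": body[:idx].strip(),
            "fields": fields, "flags": flags}

def parse_log(text):
    """Parse every netfilter LOG line in the text; skip everything else."""
    return [e for e in map(parse_netfilter_line, text.splitlines()) if e]

def summarize_by_source(events, prefix="**PORTSCAN**"):
    """Per SRC address: hit count, distinct destination ports and TCP flags seen."""
    summary = defaultdict(lambda: {"hits": 0, "dports": set(), "flags": set()})
    for e in events:
        if e["prefix"] != prefix:
            continue
        entry = summary[e["fields"]["SRC"]]
        entry["hits"] += 1
        entry["dports"].add(e["fields"].get("DPT", "?"))
        entry["flags"] |= e["flags"]
    return dict(summary)
```

Running `summarize_by_source(parse_log(SAMPLE_LOG))` on the sample yields one source, 195.47.58.81, with 3 hits against port 10000 and the DF and RST flags, i.e. the RST replies from the limited SCAN chain rather than a real multi-port sweep.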
