How do I log only iptables messages to /var/log/iptables.log?

I only want to log iptables messages to /var/log/iptables.log.

sudo vim /etc/rsyslog.conf
kern.*      -/var/log/iptables.log
sudo vim  /etc/rsyslog.d/iptables.conf
:msg, startswith, "NETFILTER" -/var/log/iptables.log
& ~
sudo iptables -A OUTPUT -m limit --limit 10/m -j LOG  --log-prefix NETFILTER
sudo iptables-save > /etc/iptables/rules.v4
sudo systemctl restart  rsyslog

Then I clear all the log messages from /var/log/iptables.log:

sudo echo "" |sudo tee /var/log/iptables.log

Now I reboot the computer.

sudo cat  /var/log/iptables.log
Nov 19 09:21:29 MiWiFi kernel: [    7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [    7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [    7.264095] Adding 1952764k swap on /dev/sda5.  Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [   11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [   13.153842] Netfilter messages via NETLINK v0.30.
Nov 19 09:21:31 MiWiFi kernel: [   13.529229] r8169 0000:03:00.0: firmware: failed to load rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [   13.529300] r8169 0000:03:00.0: Direct firmware load for rtl_nic/rtl8168g-2.fw failed with error -2
Nov 19 09:21:31 MiWiFi kernel: [   13.529307] r8169 0000:03:00.0 enp3s0: unable to load firmware patch rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [   13.542639] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [   13.542657] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [   13.542749] IPv6: ADDRCONF(NETDEV_UP): enp3s0: link is not ready
Nov 19 09:21:33 MiWiFi kernel: [   15.517613] NET: Registered protocol family 4
Nov 19 09:21:33 MiWiFi kernel: [   15.543358] NET: Registered protocol family 3
Nov 19 09:21:33 MiWiFi kernel: [   15.573343] NET: Registered protocol family 5
Nov 19 09:21:34 MiWiFi kernel: [   16.105505] r8169 0000:03:00.0 enp3s0: link up
Nov 19 09:21:34 MiWiFi kernel: [   16.105513] IPv6: ADDRCONF(NETDEV_CHANGE): enp3s0: link becomes ready
Nov 19 09:21:36 MiWiFi kernel: [   18.128165] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4 
Nov 19 09:21:36 MiWiFi kernel: [   18.173678] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65025 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216 
Nov 19 09:21:36 MiWiFi kernel: [   18.424244] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65028 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216 
Nov 19 09:21:36 MiWiFi kernel: [   18.674976] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65082 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216 
Nov 19 09:21:36 MiWiFi kernel: [   18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4 
Nov 19 09:21:42 MiWiFi kernel: [   24.142666] fuse init (API version 7.26)
Nov 19 09:21:56 MiWiFi kernel: [   38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0 

Part 1 is kernel boot information from my computer, as below:

Nov 19 09:21:29 MiWiFi kernel: [    7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [    7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [    7.264095] Adding 1952764k swap on /dev/sda5.  Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [   11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [   13.153842] Netfilter messages via NETLINK v0.30.  

Part 2 is the iptables messages from my computer, as below:

Nov 19 09:21:36 MiWiFi kernel: [   18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4 
Nov 19 09:21:56 MiWiFi kernel: [   38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0 

How can I write only the iptables messages (Part 2 rather than Part 1) to /var/log/iptables.log, instead of both the kernel messages and the iptables messages?

Answer 1

In your rsyslog.conf example you send kern.* AND :msg, startswith, "NETFILTER" to iptables.log; kern.* already includes the iptables messages.

In your example, change the kern.* target in rsyslog.conf back to the default kern.log file:

kern.*                          -/var/log/kern.log

Put this in /etc/rsyslog.d/iptables.conf and reload/restart rsyslog:

:msg, regex, "NETFILTER" -/var/log/iptables.log
& ~

Note "regex" instead of "startswith". Once it works, optimise the regex string.

To close out the question, please accept the answer that works for you.
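The following is an added example, not code from the question or the answer above. It emulates, in Python rather than in rsyslog itself, the two rule sets on this page (the asker's rsyslog.conf plus drop-in, and the answer's corrected version) against four of the kernel lines from the listing above, and then parses the iptables LOG lines that the corrected rules route to iptables.log. Two assumptions are built in: rsyslog's `msg` property for kernel messages holds everything after "kernel:", including the bracketed kernel timestamp, which is why `startswith, "NETFILTER"` never matches; and the drop-in rule is evaluated before the kern.* line. The `contains` operator is used in place of the answer's `regex`; for a literal string like "NETFILTER" both match the same lines.

```python
# Added example (not from the original question or answer): a small emulator of
# the rsyslog property-based filters used on this page, run over four of the
# kernel lines shown above, plus a parser for the matched iptables LOG lines.
# Assumption: rsyslog's `msg` property for imklog messages holds everything
# after "kernel:", i.e. the bracketed kernel timestamp included, which is why
# `startswith, "NETFILTER"` never matches and only the kern.* catch-all fires.
import re
from collections import defaultdict

# Constructed sample: four lines copied from the /var/log/iptables.log listing
# in the question (two ordinary kernel messages, two iptables LOG messages).
SAMPLE_LOG = """\
Nov 19 09:21:29 MiWiFi kernel: [   11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [   13.153842] Netfilter messages via NETLINK v0.30.
Nov 19 09:21:36 MiWiFi kernel: [   18.173678] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65025 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:56 MiWiFi kernel: [   38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0
"""

# The asker's rules, in the order rsyslog evaluates them when the drop-in in
# /etc/rsyslog.d/ is included before the kern.* line (assumed here).
ASKER_RULES = """\
:msg, startswith, "NETFILTER" -/var/log/iptables.log
& ~
kern.* -/var/log/iptables.log
"""

# The corrected rules: match anywhere in msg, discard the matched line so it
# is not written twice, and send every other kernel message back to kern.log.
FIXED_RULES = """\
:msg, contains, "NETFILTER" -/var/log/iptables.log
& ~
kern.* -/var/log/kern.log
"""

# The three comparison operators that matter here (rsyslog has more).
OPS = {
    "startswith": lambda msg, value: msg.startswith(value),
    "contains": lambda msg, value: value in msg,
    "regex": lambda msg, value: re.search(value, msg) is not None,
}


def parse_rules(text):
    """Parse the subset of rsyslog syntax above into (selector, target) pairs."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line == "& ~":                       # '&' = previous selector, '~' = discard
            rules.append(("discard", None))
        elif line.startswith(":msg,"):          # property-based filter
            _, op, rest = (p.strip() for p in line.split(",", 2))
            value, target = rest.rsplit(" ", 1)
            rules.append((("msg", op, value.strip('"')), target.lstrip("-")))
        elif line.startswith("kern.*"):         # facility/priority selector
            rules.append((("facility", "kern"), line.split()[-1].lstrip("-")))
        else:
            raise ValueError("unsupported rule: " + line)
    return rules


def route(rules, log_text):
    """Apply the rules to each kernel line; return {target: [msg, ...]}."""
    routed = defaultdict(list)
    for line in log_text.splitlines():
        # Everything after "kernel:" is what rsyslog exposes as `msg`
        # (leading space and "[   18.173678] " timestamp included).
        msg = line.split("kernel:", 1)[1]
        previous_matched = False
        for selector, target in rules:
            if selector == "discard":
                if previous_matched:
                    break                       # stop processing this message
                continue
            if selector[0] == "facility":
                matched = True                  # every sample line is facility kern
            else:
                _, op, value = selector
                matched = OPS[op](msg, value)
            if matched:
                routed[target].append(msg.strip())
            previous_matched = matched
    return dict(routed)


def count_by_target(rules_text):
    """How many of the sample lines each configuration writes to each file."""
    return {t: len(m) for t, m in route(parse_rules(rules_text), SAMPLE_LOG).items()}


FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_netfilter(msg):
    """Split an iptables LOG message into its KEY=VALUE fields.

    The asker's --log-prefix has no trailing space, so the prefix is glued to
    'IN='; cut at the prefix first.  Bare flags (DF, SYN) carry no '=' and are
    skipped, and for UDP/TCP the second LEN (payload length) overwrites the
    first (IP total length), so only the last value of a repeated key survives.
    """
    body = msg.split("NETFILTER", 1)[1]
    return dict(FIELD_RE.findall(body))


if __name__ == "__main__":
    print("asker :", count_by_target(ASKER_RULES))   # everything lands in iptables.log
    print("fixed :", count_by_target(FIXED_RULES))   # 2 iptables lines, 2 kernel lines
    for m in route(parse_rules(FIXED_RULES), SAMPLE_LOG)["/var/log/iptables.log"]:
        f = parse_netfilter(m)
        print(f.get("PROTO"), f["SRC"], "->", f["DST"], f.get("SPT"), f.get("DPT"))
```

With the asker's rules all four sample lines end up in iptables.log, because the `startswith` filter sees a message beginning with the kernel timestamp and never fires, leaving the kern.* catch-all to write everything. With the corrected rules the two NETFILTER lines go to iptables.log and the other two to kern.log. Three practical notes for the real configuration: give the iptables rule a trailing space in the prefix (`--log-prefix "NETFILTER "`) so it is not glued to `IN=` as in the listing above; `& ~` still works but has been deprecated since rsyslog 7 in favour of `& stop`; and rule order matters, since the discard only prevents double-logging if the drop-in is read before kern.* is evaluated. On Ubuntu, where the stock rules live in /etc/rsyslog.d/50-default.conf, a file named iptables.conf sorts after them, so naming it 10-iptables.conf puts the filter first.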
