[plug] IPChain Question
Anthony J. Breeds-Taurima
tony at cantech.net.au
Wed May 30 15:12:35 WST 2001
On Wed, 30 May 2001, Jon Miller wrote:
> Want to log all DENY responses to a file on another server. Does anyone know of a way to do this?
You can tell syslog to send all messages from the kernel on the ipchains
machine to "/var/log/messages" _AND_ to the syslog service on a remote
machine.
IPchains machine:
/etc/syslog.conf
# kern messages are to go to ppcug
kern.* @some.other.machine
--------------------------------------------------------------------------------
some.other.machine:
start syslogd with "-r" (optionally [suggested] set up ipchains rules so that only
the right machine can connect)
--------------------------------------------------------------------------------
What you should see on "some.other.machine" is something like:
Mar 21 09:31:58 ipchains.machine kernel: blah blah blah
> I thought maybe I could do something like a secure copy to another server, but somehow I'll need to supply the password or I guess they could be logged in a file and have a cron script send them to me via email.
You could do something like:
egrep -i 'kernel: Packet log.*DENY' /var/log/messages | \
mail you@some.other.machine
or set up scp to do passwordless authentication.
Yours Tony.
/*
* "The significant problems we face cannot be solved at the
* same level of thinking we were at when we created them."
* --Albert Einstein
*/
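
Added example, not part of the original post: instead of mailing every raw DENY line, a cron job on the log host could mail a per-source summary of what the egrep above matches. The function names and sample lines are constructed, and the field positions assume the usual ipchains "Packet log:" layout (chain, action, interface, PROTO=n, source:port, destination:port) behind a standard syslog prefix.

```shell
#!/bin/sh
# Added example: summarise ipchains DENY entries collected by syslog.

# sample_log: constructed log lines for the demo (documentation addresses only).
sample_log() {
    cat <<'EOF'
Mar 21 09:31:58 ipchains.machine kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4021 192.0.2.10:23 L=60 S=0x00 I=4112 F=0x4000 T=52 SYN (#4)
Mar 21 09:32:01 ipchains.machine kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4022 192.0.2.10:23 L=60 S=0x00 I=4113 F=0x4000 T=52 SYN (#4)
Mar 21 09:32:05 ipchains.machine kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.3:1030 192.0.2.10:25 L=60 S=0x00 I=77 F=0x4000 T=60 SYN (#2)
Mar 21 09:33:10 ipchains.machine kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.9:1026 192.0.2.10:137 L=78 S=0x00 I=901 F=0x0000 T=110 (#5)
Mar 21 09:33:11 ipchains.machine sshd[411]: DENY appears here but this is not a kernel line
EOF
}

# deny_summary [FILE...]: reads syslog lines from FILE(s) or stdin and prints
#   count firewall-host chain protocol source-address destination:port
# with the busiest entries first.
deny_summary() {
    awk '
        # Fields: Mon DD HH:MM:SS host kernel: Packet log: chain ACTION iface PROTO=n src:port dst:port ...
        # Matching on field position avoids counting other daemons that mention DENY.
        $5 == "kernel:" && $6 == "Packet" && $7 == "log:" && $9 == "DENY" {
            proto = $11; sub(/^PROTO=/, "", proto)
            src = $12;   sub(/:[0-9]+$/, "", src)   # drop the per-connection source port
            count[$4 " " $8 " " proto " " src " " $13]++
        }
        END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Demo on the constructed sample; on the log host, pass /var/log/messages instead.
sample_log | deny_summary
```

Because the hostname field is part of the key, the same summary works on "some.other.machine" when several firewalls forward their kernel messages to it.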