iptables: block an IP address and log its attempts


iptables -I INPUT -s <ip> -j DROP

(<ip> stands for the address to block; the address itself has been lost from this copy of the page. -I inserts the rule at the top of the INPUT chain, so it matches before any ACCEPT rule that follows.)


On SUSE 11 the syslog configuration lives in /etc/syslog-ng/syslog-ng.conf. The LOG target writes through the kernel log (facility kern), so where the lines end up depends on the filters in that file; the stock SUSE file routes kernel messages containing IN= and OUT= to /var/log/firewall rather than /var/log/messages, so check both.

iptables -A INPUT -j LOG --log-prefix "iptables"

Two caveats about this logging rule. First, ordering: -A appends the LOG rule to the end of the chain, while the DROP rule above was inserted at the top, so packets from the blocked address hit DROP first and are never logged. LOG is a non-terminating target (the packet continues to the next rule), so to record the blocked packets the LOG rule for that source must sit directly before its DROP rule. Second, a LOG rule with no source match logs every packet that reaches the end of INPUT and can flood the log; match on the blocked source and rate-limit it. A trailing space in the prefix ("iptables: ") keeps it readable, since the kernel writes the IN= field immediately after the prefix.


Server (loghost) configuration. Edit /etc/syslog-ng/syslog-ng.conf and add (or uncomment) a network listener inside the existing source src block, keeping the local sources that are already in it:

source src {
    udp(ip("") port(514));
};

If TCP is desired, use this line instead:

source src {
    tcp(ip("") port(514));
};

(The address to listen on goes between the quotes of ip(); it has been lost from this copy of the page. Binding a single internal interface is preferable to listening on every address.)

Restart the syslog service:
/etc/init.d/syslog restart

Verify with netstat that syslog-ng is listening on the chosen port; the local-address column must show port 514 (the addresses were lost from this copy of the page, <listen-ip> stands in for them; the PID 8043 is the one from the page's own run):

netstat -nap | grep syslog-ng
udp        0      0 <listen-ip>:514     0.0.0.0:*                   8043/syslog-ng

If TCP is chosen as the protocol:

netstat -nap | grep syslog-ng
tcp        0      0 <listen-ip>:514     0.0.0.0:*       LISTEN      8043/syslog-ng

NOTE: If a firewall is enabled on the loghost, there must be an exception for the chosen port, and it should be limited to the client addresses: syslog over plain UDP or TCP is neither authenticated nor encrypted, so any host that can reach port 514 can inject messages into the central log.

Client configuration. Edit /etc/syslog-ng/syslog-ng.conf on the client machine and add the following:

# set up logging to loghost

destination loghost {
    udp("" port(514));
};

For TCP:

destination loghost {
    tcp("" port(514));
};

NOTE: Put the IP address of the server acting as loghost between the quotes (the address has been lost from this copy of the page).

# send everything to loghost

log {
    source(src);
    destination(loghost);
};

(The log statement was cut off on the original page; it is completed here with the destination defined above and the client's local source block, assumed to be named src as on the server.)

Restart the syslog service on the client machine:
/etc/init.d/syslog restart

Test the logging facility on the client to ensure logs are being forwarded to the loghost:
logger test testmessage

One should see "test testmessage" in /var/log/messages on both the client and the server. If it appears only on the client, check the firewall exception on the loghost and confirm with netstat that syslog-ng is still bound to port 514. With UDP the client gets no error when the loghost is unreachable; the datagrams are silently lost, which is the main argument for TCP when these logs matter for incident response.
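The following script is an added example and is not code from the original page. It ties the two halves of the page together: block_and_log installs the LOG and DROP rules for one address in the order that actually produces log lines (the ordering caveat from the iptables section), and the remaining functions summarize the resulting kernel LOG lines once syslog-ng has delivered them to the loghost. The prefix "iptables: " (with a trailing space), the DRY_RUN variable, the rate-limit values and the sample log lines are all assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original page. Assumes the LOG rule uses the
# prefix "iptables: "; the sample log lines below are constructed, not real.

LOG_PREFIX="iptables: "

# run: execute the command, or only print it when DRY_RUN is set, so the
# script can be read and tested without root or iptables.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# block_and_log IP: LOG first, DROP second. LOG is non-terminating, so the
# packet is logged and then falls through to DROP. Explicit positions 1 and 2
# keep both rules ahead of any ACCEPT rule already in INPUT, and -m limit
# stops a flood from the blocked host from filling the log.
block_and_log() {
    ip="$1"
    run iptables -I INPUT 1 -s "$ip" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "$LOG_PREFIX" --log-level 4
    run iptables -I INPUT 2 -s "$ip" -j DROP
}

# Constructed sample of syslog lines (made-up host, addresses and PIDs). The
# IN=/SRC=/DST=/PROTO=/DPT= fields are the ones the kernel LOG target writes.
SAMPLE_LOG='Jan 10 10:00:01 loghost kernel: iptables: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:02 loghost kernel: iptables: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:03 loghost kernel: iptables: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan 10 10:00:04 loghost sshd[1234]: Accepted publickey for admin from 10.0.0.7 port 50000 ssh2
Jan 10 10:00:05 loghost kernel: iptables: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=4 PROTO=UDP SPT=5353 DPT=514 LEN=20'

# blocked_lines: pass through only the lines carrying our LOG prefix.
blocked_lines() {
    grep -F "kernel: ${LOG_PREFIX}"
}

# count_blocked_sources: "count SRC" per source address, busiest first.
count_blocked_sources() {
    blocked_lines |
        sed -n 's/.* SRC=\([0-9.]*\) .*/\1/p' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# top_source: the address that hit the LOG rule most often.
top_source() {
    count_blocked_sources | awk 'NR == 1 { print $2 }'
}

# hits_for IP: number of logged packets from IP (0 if none).
hits_for() {
    count_blocked_sources | awk -v ip="$1" '$2 == ip { n = $1 } END { print n + 0 }'
}

# ports_hit_by IP: distinct destination ports IP tried, space separated
# (empty for protocols without a port, e.g. ICMP).
ports_hit_by() {
    blocked_lines | grep -F " SRC=$1 " |
        sed -n 's/.* DPT=\([0-9]*\).*/\1/p' |
        sort -n | uniq |
        awk '{ printf "%s%s", (NR > 1 ? " " : ""), $1 }'
}

# Usage: sh block_and_log.sh <ip>     (set DRY_RUN=1 to print the rules only)
# Without an argument the script just summarizes the constructed sample.
if [ $# -gt 0 ]; then
    block_and_log "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | count_blocked_sources
fi
```

In production the summary functions would read the real file (`sh block_and_log.sh` with `blocked_lines < /var/log/firewall`, or the messages file on a distribution without SUSE's kernel filter), and the DROP rule alone is still what the page's first command installs; the pair above only adds the logging in front of it.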

