Saturday, February 25, 2012

syslog-ng: after the install is complete

Once syslog-ng is installed, the next step is to start iptables and run the following commands to add the logging rules:


# Create a user-defined chain "logging" in the nat table and jump to it from
# both nat PREROUTING and nat POSTROUTING.
# NOTE(review): the nat table is normally consulted only for the first packet
# of a connection, so the rules in "logging" record connection attempts, not
# every packet. A forwarded connection passes PREROUTING and POSTROUTING, so
# it reaches this chain twice and is logged twice.
iptables -t nat -N logging
iptables -t nat -A PREROUTING -j logging
iptables -t nat -A POSTROUTING -j logging
# Log every packet seen by the filter INPUT, OUTPUT and FORWARD chains.
# LOG does not end rule traversal; the packet continues to the next rule.
# NOTE(review): there is no "-m limit" on these three rules, so log volume
# follows traffic volume. Any sender that can reach this host can fill the
# disk or bury real events; consider a rate limit like the one used on the
# POSTROUTING rules at the end of this listing, and size log rotation for it.
# NOTE(review): if this host also relays its logs to another machine, each
# relayed message is itself an OUTPUT packet that gets logged -- verify this
# cannot feed back on itself.
# NOTE(review): -A appends, so a rule already in the chain that accepts or
# drops a packet earlier means that packet never reaches these LOG rules.
iptables -A INPUT -j LOG --log-level info --log-prefix "INPUT "
iptables -A OUTPUT -j LOG --log-level info --log-prefix "OUTPUT "
iptables -A FORWARD -j LOG --log-level info --log-prefix "FORWARD "
# Tag TCP traffic by destination port inside the "logging" chain.
# The prefix reflects the port number only; it does not verify that the
# traffic really is the named protocol.
iptables -t nat -A logging -p tcp --dport 80 -j LOG --log-prefix "HTTP: " --log-level info
iptables -t nat -A logging -p tcp --dport 443 -j LOG --log-prefix "HTTPS: " --log-level info
iptables -t nat -A logging -p tcp --dport 25 -j LOG --log-prefix "SMTP: " --log-level info
iptables -t nat -A logging -p tcp --dport 21 -j LOG --log-prefix "FTP: " --log-level info
iptables -t nat -A logging -p tcp --dport 143 -j LOG --log-prefix "IMAP: " --log-level info
iptables -t nat -A logging -p tcp --dport 110 -j LOG --log-prefix "POP3: " --log-level info
iptables -t nat -A logging -p tcp --dport 1863 -j LOG --log-prefix "MSN: " --log-level info
iptables -t nat -A logging -p tcp --dport 5222 -j LOG --log-prefix "JABBER: " --log-level info
iptables -t nat -A logging -p tcp --dport 5223 -j LOG --log-prefix "JABBERS: " --log-level info
iptables -t nat -A logging -p tcp --dport 5190 -j LOG --log-prefix "ICQ/AIM: " --log-level info
iptables -t nat -A logging -p tcp --dport 5050 -j LOG --log-prefix "YAHOO: " --log-level info
iptables -t nat -A logging -p tcp --dport 6667 -j LOG --log-prefix "IRC: " --log-level info
iptables -t nat -A logging -p tcp --dport 8074 -j LOG --log-prefix "GADU-GADU: " --log-level info
# Extra rate-limited (5 per minute) entries for four chat ports directly in
# nat POSTROUTING.
# NOTE(review): these rules come after the POSTROUTING jump to "logging", so
# the same connection has already been logged there at level info; this adds
# a second entry rather than replacing the first.
# NOTE(review): the prefix here is "Yahoo: " while the "logging" chain uses
# "YAHOO: " -- a case-sensitive syslog-ng filter will match only one of them.
iptables -t nat -A POSTROUTING -p tcp --dport 1863 -m limit --limit 5/min -j LOG --log-prefix "MSN: " --log-level WARN
iptables -t nat -A POSTROUTING -p tcp --dport 5190 -m limit --limit 5/min -j LOG --log-prefix "ICQ/AIM: " --log-level WARN
iptables -t nat -A POSTROUTING -p tcp --dport 5050 -m limit --limit 5/min -j LOG --log-prefix "Yahoo: " --log-level WARN
iptables -t nat -A POSTROUTING -p tcp --dport 6667 -m limit --limit 5/min -j LOG --log-prefix "IRC: " --log-level WARN


Then add the following rules

# syslog-ng
# Accept new syslog connections on port 514 (TCP and UDP) only from
# 192.168.0.0/24.
# Plain syslog on port 514 is normally unauthenticated and unencrypted, so
# this source restriction is the only access control shown here. Keep it as
# narrow as the set of hosts that really send logs, and remember that a UDP
# source address can be spoofed.
# NOTE(review): -A appends to the end of INPUT. If the chain already holds a
# catch-all REJECT/DROP rule, these ACCEPTs sit after it and never match; if
# the policy is ACCEPT with no such rule, they change nothing. Check the
# order with "iptables -L INPUT -n --line-numbers".
iptables -A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/255.255.255.0 -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT

into /etc/rc.d/rc.local


Then save the rules and restart iptables with these commands:
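# Run as root. The leading "$" in the original listing was the shell prompt
# fused onto the command; pasted literally, "$service" expands an unset
# variable and the line runs "iptables save" instead.
#
# "save" stores the rules currently loaded in the kernel as the init script's
# saved ruleset; "restart" reloads the firewall from that saved ruleset.
# NOTE(review): rules that are saved here and also listed in
# /etc/rc.d/rc.local are appended a second time at boot. Review the result
# with "iptables -S" after a reboot.
service iptables save
service iptables restart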

and
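# List the log files. The leading "$" in the original listing was the shell
# prompt fused onto the command, not part of it.
# NOTE(review): nothing shown on this page creates /var/log/net-daily;
# presumably it is a destination defined in the syslog-ng configuration --
# confirm. The logs record who talked to whom, so keep the directory
# readable by root (or a dedicated log group) only.
cd /var/log/net-daily
ls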

You should now see the log files there.

