IP Tables Log - Ubuntu 14.04 - Webmin 1.710

[morggin]

Hello, I got CFS running under Ubuntu 14.04 and webmin 1.710, but I am still having issues getting the view IPTables Log button to show the log. says "no log entries found". I did see and adjust the log files path for /var/log/syslog but still the same error.

I took a closer look at csf(dot)pl and found --log-prefix was set to add the word Firewall: and Knock: to the syslog. So i added a new my_iptables.conf to /etc/rsyslog.d that contains the lines

:msg,contains,"Firewall: " /var/log/iptables.log
:msg,contains,"Knock: " /var/log/iptables.log

after restarting rsyslog service i now have a /var/log/iptables.log that is being populated. I also adjusted the csf.conf and changed the iptables log location to this.

End result ... i'm still getting "no log entries found" from the view IPTables Log button on Webmin - CSF module.

[ForumAdmin]

You need to post a sample log line from the iptables kernel log line as the regex is not picking up on the format.

[morggin]

Oct 2 07:33:28 noctem kernel: [93945.796995] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:e8:74:8d:00:21:9b:bd:e8:19:08:00 SRC=71.6.167.142 DST=69.160.255.156 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=53247 PROTO=TCP SPT=13277 DPT=27017 WINDOW=17935 RES=0x00 SYN URGP=0

[morggin]

not sure what i did but it now appears to be working.

[ForumAdmin]

Had you remembered to restart lfd after changing IPTABLES_LOG?

[morggin]

that may be it.