IPTABLES_LOG and Viewing Firewall Entries in WHM

Post by mt25 »

Jonathan,

I'm not sure if this is a 'bug' or not. If it is not, please forgive the post here.

I am running CSF 4.03

I have configured /etc/syslog.conf so that firewall logging is put in /var/log/kernel.log instead of in /var/log/messages. [messages is too cluttered with other things]

In WHM, in the CSF configuration, I changed the IPTABLES_LOG file.

Was: IPTABLES_LOG = /var/log/messages

Now: IPTABLES_LOG = /var/log/kernel.log

I can see firewall information being dumped into /var/log/kernel.log

If I go into WHM and select Process and View Firewall Report, it indicates that it is processing /var/log/messages... and indeed it is. The only entries that it shows are those entries that were in /var/log/messages before I changed kern.* to log to /var/log/kernel.log.

Am I missing something here, or is this a bug that Process and View Firewall Report won't provide details for /var/log/kernel.log?

Mike

Post by chirpy »

This will be fixed in v4.04

Post by mt25 »

Jonathan,

Thank you. It's working great in 4.05.

Mike

Post by mt25 »

Jonathan,

I'm running CSF v4.53. It appears that I'm having this same problem again. It may have been going on for many versions.

I have the IPTABLES LOG set to /var/log/kernel.log

Syslog is properly logging to /var/log/kernel.log

There are recent Firewall entries in /var/log/kernel.log

When I attempt to 'View IPTABLES Log', it just comes up saying there are no entries.

I don't know if it isn't bothering to look in /var/log/kernel.log for the log information or if it is having trouble parsing something in /var/log/kernel.log.

A typical entry in /var/log/kernel.log looks like:

Feb 19 11:29:04 cpanel1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:0c:f1:95:a4:c5:00:02:4b:1a:12:f0:08:00 SRC=77.70.106.4 DST=xxx.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=14908 PROTO=TCP SPT=7383 DPT=8088 WINDOW=5840 RES=0x00 SYN URGP=0

(obviously I masked my IP above purposefully)

Any ideas?

Mike
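To check independently of the WHM report that the file named in IPTABLES_LOG holds parseable entries, the following parses lines of the format quoted in the post above. It is an added example, not part of the original post and not csf's own code; the function names and the sample lines (documentation addresses, made-up MAC) are constructed for illustration.

```python
import re
from collections import Counter

# Syslog prefix plus the "Firewall: *<label>*" tag, as in the entry quoted above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+kernel:\s+"
    r"Firewall:\s+\*(?P<label>[^*]+)\*\s+(?P<rest>.*)$"
)

def parse_firewall_line(line):
    """Return the fields of one 'Firewall:' kernel log line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"ts": m["ts"], "host": m["host"], "label": m["label"], "flags": []}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            # Keep the first occurrence: UDP lines carry LEN twice (IP, then UDP).
            entry.setdefault(key, value)   # "OUT=" yields an empty string
        else:
            entry["flags"].append(token)   # bare words such as SYN or DF
    return entry

def summarize(lines):
    """Count parsed and skipped lines, and group hits by (label, PROTO, DPT)."""
    parsed, skipped, by_rule = 0, 0, Counter()
    for line in lines:
        entry = parse_firewall_line(line)
        if entry is None:
            skipped += 1
            continue
        parsed += 1
        by_rule[(entry["label"], entry.get("PROTO"), entry.get("DPT"))] += 1
    return {"parsed": parsed, "skipped": skipped, "by_rule": by_rule}

# Constructed sample lines, not real traffic.
MAC = "00:00:5e:00:53:01:00:00:5e:00:53:02:08:00"
SAMPLE = [
    f"Feb 19 11:29:04 cpanel1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC={MAC} SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=14908 PROTO=TCP SPT=7383 DPT=8088 WINDOW=5840 RES=0x00 SYN URGP=0",
    f"Feb 19 11:29:07 cpanel1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC={MAC} SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=14909 PROTO=TCP SPT=7383 DPT=8088 WINDOW=5840 RES=0x00 SYN URGP=0",
    f"Feb 19 11:30:12 cpanel1 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC={MAC} SRC=198.51.100.7 DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5060 DPT=137 LEN=58",
    "Feb 19 11:30:40 cpanel1 kernel: eth0: link up",
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report["parsed"], "parsed,", report["skipped"], "skipped")
    for rule, count in report["by_rule"].most_common():
        print(count, rule)
```

To run it against a live log, pass the lines of the file configured as IPTABLES_LOG to summarize() in place of SAMPLE.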

Post by chirpy »

I think I've found the bug. Should be fixed in the next release.

BTW, do you have PS_INTERVAL set to 0?

Post by mt25 »

Jonathan,

Sorry for the delay. No, PS_INTERVAL was set to 0. I have DROP_IP_LOGGING disabled as well. I did go ahead and set PS_INTERVAL to 60 and I have kept DROP_IP_LOGGING disabled.

Mike

Post by chirpy »

Mike,

I recently released v4.54 which should fix the issue with or without PS_INTERVAL set :)

Post by mt25 »

Jonathan,

I can verify that it's working now. Updated to 4.54 and it's working fine!

Thank you,

Mike