IPTABLES_LOG and Viewing Firewall Entries in WHM

Posted: 10 Sep 2008, 00:29
by mt25
Jonathan,

I'm not sure if this is a 'bug' or not. If it is not, please forgive the post here.

I am running CSF 4.03

I have configured /etc/syslog.conf so that firewall logging is put in /var/log/kernel.log instead of in /var/log/messages. [messages is too cluttered with other things]

In WHM, in the CSF configuration, I changed the IPTABLES_LOG file.

Was: IPTABLES_LOG = /var/log/messages

Now: IPTABLES_LOG = /var/log/kernel.log

I can see firewall information being dumped into /var/log/kernel.log

If I go into WHM and select Process and View Firewall Report, it indicates that it is processing /var/log/messages... and indeed it is. The only entries that it shows are those entries that were in /var/log/messages before I changed kern.* to log to /var/log/kernel.log.

Am I missing something here, or is this a bug that Process and View Firewall Report won't provide details for /var/log/kernel.log?

Mike

Posted: 10 Sep 2008, 16:48
by chirpy
This will be fixed in v4.04

Posted: 10 Sep 2008, 20:51
by mt25
Jonathan,

Thank you. It's working great in 4.05.

Mike

Posted: 19 Feb 2009, 16:34
by mt25
Jonathan,

I'm running CSF v4.53. It appears that I'm having this same problem again. It may have been going on for many versions.

I have the IPTABLES LOG set to /var/log/kernel.log

Syslog is properly logging to /var/log/kernel.log

There are recent Firewall entries in /var/log/kernel.log

When I attempt to 'View IPTABLES Log', it just comes up saying there are no entries.

I don't know if it isn't bothering to look in /var/log/kernel.log for the log information or if it is having trouble parsing something in /var/log/kernel.log

A typical entry in /var/log/kernel.log looks like:

Feb 19 11:29:04 cpanel1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:0c:f1:95:a4:c5:00:02:4b:1a:12:f0:08:00 SRC=77.70.106.4 DST=xxx.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=14908 PROTO=TCP SPT=7383 DPT=8088 WINDOW=5840 RES=0x00 SYN URGP=0

(obviously I masked my IP above purposefully)

Any ideas?

Mike
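
Added example, not part of the thread and not CSF's own code: a small Python parser for log entries laid out like the one quoted in the post above, useful for checking independently of the WHM viewer that a given log file holds parseable firewall entries. The function names, the optional kernel-timestamp handling and the sample lines (documentation address ranges) are assumptions made for illustration.

```python
import re
from collections import Counter

# Syslog prefix, the "Firewall: *<rule>*" tag seen in the post, then netfilter KEY=VALUE fields.
# The optional "[ 123.456]" kernel timestamp is an assumption for hosts that emit one.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s"
    r"(?:\[\s*[\d.]+\]\s)?Firewall:\s\*(?P<rule>[^*]+)\*\s(?P<fields>.*)$"
)

def parse_line(line):
    """Return a dict for one firewall log line, or None for any other kernel message."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"ts": m["ts"], "host": m["host"], "rule": m["rule"].strip(), "flags": []}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if sep:                       # KEY=VALUE; the value may be empty, as in "OUT="
            entry[key] = value
        else:                         # bare token such as SYN or DF
            entry["flags"].append(token)
    return entry

def summarize(lines):
    """Count blocked packets per (source address, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        e = parse_line(line)
        if e and "SRC" in e:
            counts[(e["SRC"], e.get("PROTO", "?"), e.get("DPT", "-"))] += 1
    return counts

# Constructed sample lines, not taken from any real host.
SAMPLE = [
    "Feb 19 11:29:04 host1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=14908 PROTO=TCP SPT=7383 DPT=8088 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Feb  9 03:12:40 host1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=14909 PROTO=TCP SPT=7384 DPT=8088 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Feb 19 11:30:00 host1 kernel: eth0: link up",
    "Feb 19 11:31:15 host1 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4211 SEQ=1",
]

if __name__ == "__main__":
    for (src, proto, dpt), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {src:15s} {proto:5s} dport={dpt}")
```

To run it against a real file, pass the open file object to `summarize()`, for example `summarize(open("/var/log/kernel.log"))`.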

Posted: 19 Feb 2009, 16:38
by chirpy
I think I've found the bug. Should be fixed in the next release.

BTW, do you have PS_INTERVAL set to 0?

Posted: 20 Feb 2009, 15:39
by mt25
Jonathan,

Sorry for the delay. No, PS_INTERVAL was set to 0. I have DROP_IP_LOGGING disabled as well. I did go ahead and set PS_INTERVAL to 60 and I have kept DROP_IP_LOGGING disabled.

Mike

Posted: 20 Feb 2009, 16:02
by chirpy
Mike,

I recently released v4.54 which should fix the issue with or without PS_INTERVAL set :)

Posted: 20 Feb 2009, 17:02
by mt25
Jonathan,

I can verify that it's working now. Updated to 4.54 and it's working fine!

Thank you,

Mike