how to log the ping action from 111.111.111.111 into /var/log/iptables.log?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite
1












My os :centos 7.



yum remove firewalld
yum install -y iptables
yum install -y iptables-services


I want to log all the ping from 111.1111.111.111 into iptables.log.



cat /etc/rsyslog.conf
kern.* /var/log/iptables.log
systemctl restart rsyslog

iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG
iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROP
service iptables save
service iptables restart


Now to ping from 111.111.111.111 to my vps.



1.iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROPcan work.



ping 104.223.65.117 
PING 104.223.65.117 (104.223.65.117) 56(84) bytes of data. ^C --- 104.223.65.117
ping statistics --- 23 packets transmitted, 0 received, 100% packet loss, time 22003ms


2.iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG can't work



cat /var/log/iptables.log


Nothing in it,how to log the ping action from 111.111.111.111 into /var/log/iptables.log ?



I got some material here:dmesg and iptables



dmesg reads from the kernel log buffer. Since iptables uses kernel logging
facility, that is where iptables log records appear in the first place.
There is no way you can make iptables log entries not appear in dmesg.


Does that means iptables log info can't be writtten into specified file?

Iptables log info can only be written into specified file this way:



dmesg > /var/log/iptables.log


or



dmesg >> /var/log/iptables.log


?



Is there another smart way to log automactically all info into /var/log/iptables.log?







share|improve this question


























    up vote
    2
    down vote

    favorite
    1












    My os :centos 7.



    yum remove firewalld
    yum install -y iptables
    yum install -y iptables-services


    I want to log all the ping from 111.1111.111.111 into iptables.log.



    cat /etc/rsyslog.conf
    kern.* /var/log/iptables.log
    systemctl restart rsyslog

    iptables -N LOGGING
    iptables -A INPUT -j LOGGING
    iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG
    iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROP
    service iptables save
    service iptables restart


    Now to ping from 111.111.111.111 to my vps.



    1.iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROPcan work.



    ping 104.223.65.117 
    PING 104.223.65.117 (104.223.65.117) 56(84) bytes of data. ^C --- 104.223.65.117
    ping statistics --- 23 packets transmitted, 0 received, 100% packet loss, time 22003ms


    2.iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG can't work



    cat /var/log/iptables.log


    Nothing in it,how to log the ping action from 111.111.111.111 into /var/log/iptables.log ?



    I got some material here:dmesg and iptables



    dmesg reads from the kernel log buffer. Since iptables uses kernel logging
    facility, that is where iptables log records appear in the first place.
    There is no way you can make iptables log entries not appear in dmesg.


    Does that means iptables log info can't be writtten into specified file?

    Iptables log info can only be written into specified file this way:



    dmesg > /var/log/iptables.log


    or



    dmesg >> /var/log/iptables.log


    ?



    Is there another smart way to log automactically all info into /var/log/iptables.log?







    share|improve this question
























      up vote
      2
      down vote

      favorite
      1









      up vote
      2
      down vote

      favorite
      1






      1





      My os :centos 7.



      yum remove firewalld
      yum install -y iptables
      yum install -y iptables-services


      I want to log all the ping from 111.1111.111.111 into iptables.log.



      cat /etc/rsyslog.conf
      kern.* /var/log/iptables.log
      systemctl restart rsyslog

      iptables -N LOGGING
      iptables -A INPUT -j LOGGING
      iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG
      iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROP
      service iptables save
      service iptables restart


      Now to ping from 111.111.111.111 to my vps.



      1.iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROPcan work.



      ping 104.223.65.117 
      PING 104.223.65.117 (104.223.65.117) 56(84) bytes of data. ^C --- 104.223.65.117
      ping statistics --- 23 packets transmitted, 0 received, 100% packet loss, time 22003ms


      2.iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG can't work



      cat /var/log/iptables.log


      Nothing in it,how to log the ping action from 111.111.111.111 into /var/log/iptables.log ?



      I got some material here:dmesg and iptables



      dmesg reads from the kernel log buffer. Since iptables uses kernel logging
      facility, that is where iptables log records appear in the first place.
      There is no way you can make iptables log entries not appear in dmesg.


      Does that means iptables log info can't be writtten into specified file?

      Iptables log info can only be written into specified file this way:



      dmesg > /var/log/iptables.log


      or



      dmesg >> /var/log/iptables.log


      ?



      Is there another smart way to log automactically all info into /var/log/iptables.log?







      share|improve this question














      My os :centos 7.



      yum remove firewalld
      yum install -y iptables
      yum install -y iptables-services


      I want to log all the ping from 111.1111.111.111 into iptables.log.



      cat /etc/rsyslog.conf
      kern.* /var/log/iptables.log
      systemctl restart rsyslog

      iptables -N LOGGING
      iptables -A INPUT -j LOGGING
      iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG
      iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROP
      service iptables save
      service iptables restart


      Now to ping from 111.111.111.111 to my vps.



      1.iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROPcan work.



      ping 104.223.65.117 
      PING 104.223.65.117 (104.223.65.117) 56(84) bytes of data. ^C --- 104.223.65.117
      ping statistics --- 23 packets transmitted, 0 received, 100% packet loss, time 22003ms


      2.iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG can't work



      cat /var/log/iptables.log


      Nothing in it,how to log the ping action from 111.111.111.111 into /var/log/iptables.log ?



      I got some material here:dmesg and iptables



      dmesg reads from the kernel log buffer. Since iptables uses kernel logging
      facility, that is where iptables log records appear in the first place.
      There is no way you can make iptables log entries not appear in dmesg.


      Does that means iptables log info can't be writtten into specified file?

      Iptables log info can only be written into specified file this way:



      dmesg > /var/log/iptables.log


      or



      dmesg >> /var/log/iptables.log


      ?



      Is there another smart way to log automactically all info into /var/log/iptables.log?









      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 14 '17 at 10:12

























      asked Nov 11 '17 at 14:07









      it_is_a_literature

      21232350




      21232350




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          4
          down vote



          +150










          Let's look at what your setup does:



          iptables -N LOGGING


          You create a new chain called LOGGING (which never gets any rules later on).



          iptables -A INPUT -j LOGGING


          All packets traversing the input chain jump to LOGGING. All rules after this rules will be ignored, as you never return from the LOGGING chain.



          iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


          This rule is inserted after the above jump, and never executed.



          iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROP


          After logging it, you want to drop the packet, meaning a reply won't be generated. Not sure if this is your intention.




          So, don't do this. Clear all those rules with iptables -F INPUT, and then do instead just



          iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


          Nothing else. Now do a ping and see if it shows up in the syslog (it does on my system).



          If you really need to, you can add a rule to drop the ping afterwards.






          share|improve this answer



























            up vote
            0
            down vote



            accepted










            The type of vps matter.

            My vps'type is openvz.

            The log file will display by dmesg and not written automatically into custome log file,it is a bug in openvz.

            To change my vps into a kvm vps, problem solved.






            share|improve this answer




















              Your Answer







              StackExchange.ready(function()
              var channelOptions =
              tags: "".split(" "),
              id: "106"
              ;
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function()
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled)
              StackExchange.using("snippets", function()
              createEditor();
              );

              else
              createEditor();

              );

              function createEditor()
              StackExchange.prepareEditor(
              heartbeatType: 'answer',
              convertImagesToLinks: false,
              noModals: false,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              );



              );













               

              draft saved


              draft discarded


















              StackExchange.ready(
              function ()
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403903%2fhow-to-log-the-ping-action-from-111-111-111-111-into-var-log-iptables-log%23new-answer', 'question_page');

              );

              Post as a guest






























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes








              up vote
              4
              down vote



              +150










              Let's look at what your setup does:



              iptables -N LOGGING


              You create a new chain called LOGGING (which never gets any rules later on).



              iptables -A INPUT -j LOGGING


              All packets traversing the input chain jump to LOGGING. All rules after this rules will be ignored, as you never return from the LOGGING chain.



              iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


              This rule is inserted after the above jump, and never executed.



              iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROP


              After logging it, you want to drop the packet, meaning a reply won't be generated. Not sure if this is your intention.




              So, don't do this. Clear all those rules with iptables -F INPUT, and then do instead just



              iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


              Nothing else. Now do a ping and see if it shows up in the syslog (it does on my system).



              If you really need to, you can add a rule to drop the ping afterwards.






              share|improve this answer
























                up vote
                4
                down vote



                +150










                Let's look at what your setup does:



                iptables -N LOGGING


                You create a new chain called LOGGING (which never gets any rules later on).



                iptables -A INPUT -j LOGGING


                All packets traversing the input chain jump to LOGGING. All rules after this rules will be ignored, as you never return from the LOGGING chain.



                iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


                This rule is inserted after the above jump, and never executed.



                iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROP


                After logging it, you want to drop the packet, meaning a reply won't be generated. Not sure if this is your intention.




                So, don't do this. Clear all those rules with iptables -F INPUT, and then do instead just



                iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


                Nothing else. Now do a ping and see if it shows up in the syslog (it does on my system).



                If you really need to, you can add a rule to drop the ping afterwards.






                share|improve this answer






















                  up vote
                  4
                  down vote



                  +150







                  up vote
                  4
                  down vote



                  +150




                  +150




                  Let's look at what your setup does:



                  iptables -N LOGGING


                  You create a new chain called LOGGING (which never gets any rules later on).



                  iptables -A INPUT -j LOGGING


                  All packets traversing the input chain jump to LOGGING. All rules after this rules will be ignored, as you never return from the LOGGING chain.



                  iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


                  This rule is inserted after the above jump, and never executed.



                  iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROP


                  After logging it, you want to drop the packet, meaning a reply won't be generated. Not sure if this is your intention.




                  So, don't do this. Clear all those rules with iptables -F INPUT, and then do instead just



                  iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


                  Nothing else. Now do a ping and see if it shows up in the syslog (it does on my system).



                  If you really need to, you can add a rule to drop the ping afterwards.






                  share|improve this answer












                  Let's look at what your setup does:



                  iptables -N LOGGING


                  You create a new chain called LOGGING (which never gets any rules later on).



                  iptables -A INPUT -j LOGGING


                  All packets traversing the input chain jump to LOGGING. All rules after this rules will be ignored, as you never return from the LOGGING chain.



                  iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


                  This rule is inserted after the above jump, and never executed.



                  iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j DROP


                  After logging it, you want to drop the packet, meaning a reply won't be generated. Not sure if this is your intention.




                  So, don't do this. Clear all those rules with iptables -F INPUT, and then do instead just



                  iptables -A INPUT -p icmp --icmp-type 8 --source 111.111.111.111 -j LOG


                  Nothing else. Now do a ping and see if it shows up in the syslog (it does on my system).



                  If you really need to, you can add a rule to drop the ping afterwards.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 14 '17 at 10:38









                  dirkt

                  14.2k2931




                  14.2k2931






















                      up vote
                      0
                      down vote



                      accepted










                      The type of vps matter.

                      My vps'type is openvz.

                      The log file will display by dmesg and not written automatically into custome log file,it is a bug in openvz.

                      To change my vps into a kvm vps, problem solved.






                      share|improve this answer
























                        up vote
                        0
                        down vote



                        accepted










                        The type of vps matter.

                        My vps'type is openvz.

                        The log file will display by dmesg and not written automatically into custome log file,it is a bug in openvz.

                        To change my vps into a kvm vps, problem solved.






                        share|improve this answer






















                          up vote
                          0
                          down vote



                          accepted







                          up vote
                          0
                          down vote



                          accepted






                          The type of vps matter.

                          My vps'type is openvz.

                          The log file will display by dmesg and not written automatically into custome log file,it is a bug in openvz.

                          To change my vps into a kvm vps, problem solved.






                          share|improve this answer












                          The type of vps matter.

                          My vps'type is openvz.

                          The log file will display by dmesg and not written automatically into custome log file,it is a bug in openvz.

                          To change my vps into a kvm vps, problem solved.







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Nov 14 '17 at 12:41









                          it_is_a_literature

                          21232350




                          21232350



























                               

                              draft saved


                              draft discarded















































                               


                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function ()
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403903%2fhow-to-log-the-ping-action-from-111-111-111-111-into-var-log-iptables-log%23new-answer', 'question_page');

                              );

                              Post as a guest













































































                              Popular posts from this blog

                              How to check contact read email or not when send email to Individual?

                              Displaying single band from multi-band raster using QGIS

                              How many registers does an x86_64 CPU actually have?