Log iptables events on CentOS 7

Solution 1

I found the best solution for me:

Warning level:

iptables -A INPUT -j LOG --log-prefix "BAD_INPUT: " --log-level 4
iptables -A FORWARD -j LOG --log-prefix "BAD_FORWARD: " --log-level 4
iptables -A OUTPUT -j LOG --log-prefix "BAD_OUTPUT: " --log-level 4

Debug level:

iptables -A INPUT -j LOG --log-prefix "BAD_INPUT: " --log-level 7
iptables -A FORWARD -j LOG --log-prefix "BAD_FORWARD: " --log-level 7
iptables -A OUTPUT -j LOG --log-prefix "BAD_OUTPUT: " --log-level 7

Logs are stored in:

/var/log/messages

Sample output:

Aug  4 13:22:40 centos kernel: BAD_INPUT: IN= OUT=em1 SRC=192.168.1.23 DST=192.168.1.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=59228 SEQ=2
Aug  4 13:23:00 centos kernel: BAD_INPUT: IN=em1 OUT= MAC=a2:be:d2:ab:11:af:e2:f2:00:00 SRC=192.168.2.115 DST=192.168.1.23 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=9434 DF PROTO=TCP SPT=58428 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
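
An added example, not part of the original answer: a POSIX shell function that tallies lines in the LOG format shown above by prefix, source address and destination port. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count iptables LOG lines per prefix, source and destination port.
# Reads syslog-style lines on stdin (e.g. /var/log/messages or `journalctl -k`).
# Output: count<TAB>prefix<TAB>SRC<TAB>PROTO/DPT, highest count first.

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG='Aug  4 13:22:39 centos kernel: device em1 entered promiscuous mode
Aug  4 13:22:40 centos kernel: BAD_INPUT: IN=em1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=9434 DF PROTO=TCP SPT=58428 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
Aug  4 13:22:41 centos kernel: BAD_INPUT: IN=em1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=9435 DF PROTO=TCP SPT=58429 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
Aug  4 13:22:42 centos kernel: BAD_INPUT: IN=em1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.20 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=59228 SEQ=2
Aug  4 13:22:43 centos kernel: INPUT REJECTED: IN=em1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.30 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=40000 DPT=53 LEN=40'

summarize_iptables_log() {
    awk '
    / kernel: / && / SRC=/ {
        line = $0
        sub(/^.* kernel: /, "", line)      # drop timestamp, host and tag
        p = index(line, "IN=")             # LOG fields always start with IN=
        if (p == 0) next
        prefix = substr(line, 1, p - 1)    # whatever --log-prefix was set to
        sub(/:? +$/, "", prefix)           # trim trailing ": " for display
        src = ""; proto = ""; dpt = "-"    # ICMP and similar have no DPT
        n = split(substr(line, p), f, " ")
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^SRC=/) src = substr(f[i], 5)
            else if (f[i] ~ /^PROTO=/) proto = substr(f[i], 7)
            else if (f[i] ~ /^DPT=/) dpt = substr(f[i], 5)
        }
        count[prefix "\t" src "\t" proto "/" dpt]++
    }
    END { for (k in count) print count[k] "\t" k }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2
}

# Usage on a live system (assumes the default log location named above):
#   summarize_iptables_log < /var/log/messages
#   journalctl -k --no-pager | summarize_iptables_log
```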

Solution 2

When a packet matches an iptables ... -j LOG rule, a kernel log message is generated. You can specify the severity level of the message using the --log-level <level> option, where the <level> can be one of the standard syslog level identifiers: emerg, alert, crit, error, warning, notice, info or debug.

These log messages are processed by rsyslog: if the severity level is low enough, rsyslog may completely discard the messages. Since the iptables log messages come from the kernel, their logging category will always be kern. So look into /etc/rsyslog.conf to see which is the minimum severity level for kern.* messages to be acted on, and into which log file they will be stored. Then set an appropriate severity level to your iptables -j LOG rules.

Or use the iptables ... -j LOG --log-prefix <prefix> option to add an identifiable prefix to iptables messages, and then use the advanced features of rsyslog to write the iptables messages into a separate log file.
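
One way to do the prefix-based split described above, as an added example that is not from the original answer: a shell function that writes an rsyslog drop-in sending matching kernel messages to their own file. The function name, the drop-in path and /var/log/iptables.log are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the answer above).
# Writes an rsyslog RainerScript rule that routes kernel messages carrying
# any of the given --log-prefix strings to a dedicated file.
# Usage: write_iptables_rsyslog_conf <conf-path> <log-file> <prefix>...
write_iptables_rsyslog_conf() {
    conf=$1
    logfile=$2
    shift 2
    cond=""
    for prefix in "$@"; do
        # The prefix is embedded in a single-quoted RainerScript string.
        case $prefix in
            *\'*) echo "prefix must not contain a single quote" >&2; return 1 ;;
        esac
        cond="${cond:+$cond or }\$msg contains '$prefix'"
    done
    [ -n "$cond" ] || { echo "need at least one prefix" >&2; return 1; }
    cat > "$conf" <<EOF
# iptables -j LOG messages always arrive with facility kern.
# "contains" is used because the kernel text may be preceded by a space.
if \$syslogfacility-text == 'kern' and ($cond) then {
    action(type="omfile" file="$logfile")
    stop
}
EOF
}

# Example call, run as root (paths are assumptions):
#   write_iptables_rsyslog_conf /etc/rsyslog.d/iptables.conf \
#       /var/log/iptables.log "BAD_INPUT: " "BAD_FORWARD: " "BAD_OUTPUT: "
```

The `stop` statement keeps matched messages out of any rules processed after this one; `rsyslogd -N1` checks the configuration before rsyslog is restarted.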

Solution 3

CentOS 7 uses systemd's journald as the default logging system, and with this the kernel logs (like the ones from iptables) are not directed to /var/log/messages but to journald, and should be displayed by passing -k (meaning kernel logs) to journalctl like this:

journalctl -k

Check the man page of journalctl here or any of the many tutorials on the net to find out all the options; but most probably you will use -f to follow the logs, -b to include only logs since the previous boot, --since to select logs by date or --no-pager to disable the default pager on the output.

To generate the logs you will have to use the -j LOG action with iptables as stated in other responses, and most probably you will want to include --limit to prevent flooding your logs:

iptables -A INPUT -m limit --limit 1/s --limit-burst 3 -j LOG --log-prefix "INPUT REJECTED: " --log-level 4

Petravd1994
Author by

Petravd1994

Updated on September 18, 2022

Comments

  • Petravd1994
    Petravd1994 almost 2 years

    I want to retrieve the image that is stored in the storage of a user and place it next to his name in a custom UITableViewCell. The problem now is that the tableview will load when the images aren't done downloading (I think?), causing the application to crash because the image array is nil. So what is the correct way to load the tableview? I think, for the user experience, it is important that the tableviewcell image should be shown even if the images aren't done downloading, and present them a default image that is saved in the assets. I thought about making an array with UIImages that links to the default asset of loading an image and changing the image to the profile picture when it is done downloading. But I really have no clue how to do that. This is what I got so far about downloading the image:

    let storage = FIRStorage.storage()
            let storageRef = storage.reference(forURL: "link.appspot.com")
            channelRef?.observeSingleEvent(of: .value, with: { (snapshot) in
                if let snapDict = snapshot.value as? [String:AnyObject]{
                    for each in snapDict{
                        let UIDs = each.value["userID"] as? String
                        if let allUIDS = UIDs{
                            let profilePicRef = storageRef.child((allUIDS)+"/profile_picture.png")
                            profilePicRef.data(withMaxSize: 1 * 500 * 500) { data, error in
                                if let error = error {
                                }
                                if (data != nil)
                                {
                                    self.playerImages.append(UIImage (data: data!)!)
                                }
                            }
    
                        }
    let userNames = each.value["username"] as? String
                        if let users = userNames{
                            self.players.append(users)
                        }
                    }
            }
    
            self.tableView.reloadData()
        })
    

    This is in the cellForRow

    cell.playersImage.image = playerImages[indexPath.row] as UIImage
    

    My rules, haven't changed it from the default rules:

    service firebase.storage {
      match /b/omega-towers-f5beb.appspot.com/o {
        match /{allPaths=**} {
          allow read, write: if request.auth != null;
        }
      }
    }
    

    Thank you.

  • Petravd1994
    Petravd1994 over 7 years
    I'm sorry I did not include that in my code. I already initialized playerImages as you do as well. The problem is that the table will load when the view appears, it will not wait for the images to have loaded. But then again, what I want is to check if the array contains an image, if not, presenting a normal image that is saved in the assets. I can not use the if playerImages != nil in the cellForRow.
  • Petravd1994
    Petravd1994 over 7 years
    Thank you for your comment. I see some good functions about AlamofireImage, but I am concerned about answering my question. I think my code is not correct, so adding Alamo to my project would not fix my code.
  • Vandan Patel
    Vandan Patel over 7 years
    I have edited my answer. You can check for nil just by using if let statement. If it's nil, it won't go inside if statement. One more thing, if your array is initialized and empty, your numberofrowsinSection should return 0, and cellforrowat IndexPath won't give you an error.
  • jnewkirk
    jnewkirk over 7 years
    I'm sorry, it's hard to extrapolate exactly what your question is. So if you could elaborate a little more concisely, then maybe I can assist. I thought your original question was how to use a placeholder image in place of a loading image.
  • debek
    debek over 6 years
    I want to log all of my iptables events. Not a specific rule.
  • telcoM
    telcoM over 6 years
    Then place a LOG rule at the start of INPUT, OUTPUT and FORWARD chains. You will then get a log message of every IP packet your system sends and receives. This may be useful in some troubleshooting situations in isolated networks, but in a typical internet-connected system it is just a good way to fill up your disk with logs. Or... please describe what you think of as an "event"?