From David Comerford <davest...@gmail.com>
Subject Re: Virtual Router Firewall Logs
Date Fri, 05 Jul 2013 16:21:48 GMT
You could SSH into each virtual router and append some logging rules into
the existing chains. The rules go into the mangle table.

If you wanted to log all drops then you could go for something like this.
# iptables -I FIREWALL_10.144.100.109 3 -t mangle -j LOG

I put this in line 3 of my FIREWALL_10.144.100.109 chain, just above the
DROP so it looks something like:
# iptables -n -v --line-numbers -t mangle -L FIREWALL_10.144.100.109
Chain FIREWALL_10.144.100.109 (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 RETURN     tcp  --  *      *       2.2.2.2              0.0.0.0/0           tcp dpt:69
3        2   120 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
4        2   120 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
Now here are the problems with doing this...
1. The logging rules are blown away if anyone adds OR removes any firewall
rules.
2. You will lose the rules if the router is ever re-created for upgrades
etc.

So all in all it might not be worth the effort.
It is a feature people do ask about quite a bit though so could be worth a
feature request.

Best regards,
David Comerford
Mobile: +353 87 1238295
Email: davestyle@gmail.com
Website: http://dave.ie
GPG key: http://pgp.dave.ie
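The manual insert above has to be repeated whenever CloudStack rewrites the chain. The script below is an added example (not from this thread or from CloudStack) that finds the DROP rule in a FIREWALL_<ip> chain listing, inserts a LOG rule directly above it only if none is present yet, and so can be re-run safely from cron; the chain layout is assumed to match the listing above, and the "VR-FW-DROP" log prefix is a value chosen for this example.

```shell
#!/bin/sh
# Added example, not from the thread: insert a LOG rule directly above the DROP
# of a CloudStack virtual-router FIREWALL_<ip> chain (mangle table), skipping it
# when a LOG rule is already present so the script can be re-run each time
# CloudStack rewrites the chain. Chain layout assumed to match the listing above.

# Constructed "before" listing: the chain as CloudStack generates it (no LOG yet).
BEFORE_LISTING=$(cat <<'EOF'
Chain FIREWALL_10.144.100.109 (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 RETURN     tcp  --  *      *       2.2.2.2              0.0.0.0/0           tcp dpt:69
3        2   120 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
)

# Print the rule number of the first DROP rule in an
# "iptables -n -v --line-numbers -t mangle -L <chain>" listing read on stdin.
find_drop_rule() {
    awk '$1 ~ /^[0-9]+$/ && $4 == "DROP" { print $1; exit }'
}

# Succeed (exit 0) only if the listing on stdin already carries a LOG target.
has_log_rule() {
    awk '$1 ~ /^[0-9]+$/ && $4 == "LOG" { found = 1 } END { exit !found }'
}

# Build the insert command; the prefix ("VR-FW-DROP", chosen for this example)
# makes the dropped packets easy to grep out of the kernel log via rsyslog.
build_log_cmd() {
    printf 'iptables -t mangle -I %s %s -j LOG --log-prefix "%s "' "$1" "$2" "VR-FW-DROP"
}

# Live path (needs root on the router): read the chain, decide, insert.
add_drop_logging() {
    chain=$1
    listing=$(iptables -n -v --line-numbers -t mangle -L "$chain") || return 1
    if printf '%s\n' "$listing" | has_log_rule; then echo "$chain: LOG rule already present"; return 0; fi
    pos=$(printf '%s\n' "$listing" | find_drop_rule)
    [ -n "$pos" ] || { echo "$chain: no DROP rule found" >&2; return 1; }
    eval "$(build_log_cmd "$chain" "$pos")"
}

# Dry run against the constructed listing; pass "--apply <chain>" to go live.
if [ "${1:-}" = "--apply" ]; then
    add_drop_logging "${2:?chain name required}"
else
    echo "would run: $(build_log_cmd FIREWALL_10.144.100.109 "$(printf '%s\n' "$BEFORE_LISTING" | find_drop_rule)")"
fi
```

Re-running the script only restores the rule after CloudStack rewrites the chain; it does nothing about a router that is re-created, where the script itself is lost unless it is re-deployed.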


On 5 July 2013 10:43, Ahmad Emneina <aemneina@gmail.com> wrote:

> you might have to enable that manually on the router, via iptables or
> rsyslog, I don't see it being logged myself.
>
>
> On Fri, Jul 5, 2013 at 1:57 AM, Len Bellemore <
> Len.Bellemore@controlcircle.com> wrote:
>
> > Hi Guys,
> >
> > Does anyone know where the virtual router logs firewall access requests?
> >  I guess it would be an iptables log of some sort.
> >
> > I don't see much in /var/log/messages other than rules being applied.
> >
> > Many Thanks
> >
> > Len
> >
>
