Ubuntu
rsyslog package

  1. Bug #450002
  2. Comment #3

Comment 3 for bug 450002

Revision history for this message
Brownout (brownout) wrote :

:msg, contains, "FW_TEST" /var/log/firewall
It catches the sudo command line used to add the test rule:
Oct 13 18:59:54 grid sudo: brownout : TTY=pts/1 ; PWD=/home/brownout ; USER=root ; COMMAND=/sbin/iptables -I INPUT -p tcp --dport 80 -j LOG --log-prefix FW_TEST:

but it doesn't log the connection attempt, which is correctly reported in dmesg:
[65180.603408] FW_TEST: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19095 DF PROTO=TCP SPT=60757 DPT=80 WINDOW=32792 RES=0x00 SYN URGP=0