:msg, contains, "FW_TEST" /var/log/firewall
It catches the sudo command line used to add the test rule:
Oct 13 18:59:54 grid sudo: brownout : TTY=pts/1 ; PWD=/home/brownout ; USER=root ; COMMAND=/sbin/iptables -I INPUT -p tcp --dport 80 -j LOG --log-prefix FW_TEST:
but it doesn't log the connection attempt, which is correctly reported in dmesg:
[65180.603408] FW_TEST: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19095 DF PROTO=TCP SPT=60757 DPT=80 WINDOW=32792 RES=0x00 SYN URGP=0