I have Ubuntu 10.04.2LTS 32-bit Desktop Edition and it's the same on 3 different systems.

iptables and sudo aren't logging and I need them to be.

1) None of them have the auth.log in /etc which is used for logging sudo commands/login authorizations

2) None of them have the syslog.conf file in /etc (but one does exist under /usr/share/logwatch/default.conf/logfiles/syslog.conf)

3) I've looked in the "Log Viewer" in Gnome and in /etc

I need to enable and monitor these loggings somehow.

asked 14 Apr '11, 13:53

Ron's gravatar image

Ron ♦
accept rate: 13%

I figured it out. I installed sysklogd, had to setup logging in iptables and a few minor tweaks to get it going, so I solved it myself.


answered 17 Apr '11, 22:52

Ron's gravatar image

Ron ♦
accept rate: 13%

iptables will only log, if you tell it to, and then depending on which log level you chose will depend on where it's directed. Once you know that you can setup in syslog.conf where the file is placed. Sudo tends to log whereever ssh does.


answered 14 Apr '11, 15:56

rfelsburg's gravatar image

rfelsburg ♦
accept rate: 25%

I installed sysklogd but it's not running as a daemon yet. You can see my iptables setup at http://dl.dropbox.com/u/914191/install-script/TESTING/iptables-140.sh

(14 Apr '11, 16:59) Ron ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 14 Apr '11, 13:53

Seen: 2,418 times

Last updated: 17 Apr '11, 22:52

powered by OSQA