Tuesday, November 1, 2011

Move IPTables log events to a separate logfile

Today some botnet tried to connect to my server over 26,000 times in five hours. They might still be trying.

I have strong firewall protection, and I log all those dropped packets from the firewall, but the records of more than 26,000 dropped packets are filling my syslog and making it unusable.

I used the instructions here to shift that reporting to a separate iptables log, plus enabled logrotate so it gets changed out daily.
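A sketch of that kind of setup, as an added example rather than the linked instructions or the author's own configuration. It assumes rsyslog, systemd, a LOG rule with the constructed prefix `IPT-DROP: `, and `/var/log/iptables.log` as the target; the file names are also assumptions.

```shell
#!/bin/sh
# Added example. Assumptions (not from the post): rsyslog + systemd, and a
# firewall LOG rule that tags packets with PREFIX, for instance:
#   iptables -A INPUT -j LOG --log-prefix "IPT-DROP: "
PREFIX="IPT-DROP: "
LOGFILE="/var/log/iptables.log"

# Write both snippets into directory $1 for review; nothing touches /etc.
write_configs() {
    mkdir -p "$1"
    # rsyslog: match the prefix, write to the dedicated file, then stop so
    # the message never reaches the general syslog (older rsyslog: "& ~").
    cat > "$1/10-iptables.conf" <<EOF
:msg, contains, "$PREFIX" $LOGFILE
& stop
EOF
    # logrotate: daily rotation, one week kept, rsyslog told to reopen the file.
    cat > "$1/iptables.logrotate" <<EOF
$LOGFILE {
    daily
    rotate 7
    compress
    missingok
    notifempty
    postrotate
        systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}
EOF
}

# Preview: count the lines in syslog file $1 that the rule would divert.
count_diverted() {
    grep -cF -- "$PREFIX" "$1"
}

# Constructed sample: two firewall drops and one unrelated line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Nov  1 10:00:01 host kernel: [1234.5] IPT-DROP: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Nov  1 10:00:02 host sshd[811]: Accepted publickey for admin from 198.51.100.4
Nov  1 10:00:03 host kernel: [1235.1] IPT-DROP: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
EOF
out=$(mktemp -d)
write_configs "$out"
echo "would divert $(count_diverted "$sample") of $(wc -l < "$sample") lines; configs in $out"
```

After review, the first file goes in `/etc/rsyslog.d/` (named so it sorts ahead of the distribution's default rules) and the second in `/etc/logrotate.d/`, followed by an rsyslog restart.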

