Score:0

Iptables logging in Ubuntu


I have set up Cowrie (2222) and SSH (2233) on an Ubuntu server. To block all traffic except Cowrie and SSH, I have run the following commands:

iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
iptables -A INPUT -p tcp --dport 2233 -j ACCEPT
iptables -P INPUT DROP

Now I need to log all SSH, Honeypot and Cowrie traffic with the following prefixes: "SSH_Traffic", "Honeypot_Traffic", "Blocked_Traffic".

I would appreciate it if someone could help with this.

David avatar
What version of Ubuntu are you using?
Score:0

What you have asked for will flood your log files; use with caution.

# LOG is a non-terminating target: the packet is logged and then continues to
# the next rule, so each LOG rule must be followed by the matching ACCEPT.
iptables -A INPUT -p tcp --dport 2222 -j LOG --log-prefix "Cowrie_Traffic:" --log-level info
iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
iptables -A INPUT -p tcp --dport 2233 -j LOG --log-prefix "SSH_Traffic:" --log-level info
iptables -A INPUT -p tcp --dport 2233 -j ACCEPT
# Anything still in the chain here will be dropped by the policy: log it first.
iptables -A INPUT -j LOG --log-prefix "Blocked_Traffic:" --log-level info
iptables -P INPUT DROP

Honeypot_Traffic you did not tell us about.

Jimbob avatar
Thanks Doug. I will give it a go
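As an added example (not from the question or the answer above), a small shell script that summarises the kernel-log lines those LOG rules write to /var/log/kern.log, using constructed sample lines carrying the answer's three prefixes; the host name, addresses and ports in the sample are made up.

```shell
#!/bin/sh
# Constructed, abbreviated kern.log lines in the format the iptables LOG target
# produces (real lines also carry MAC=, LEN=, TTL= and other fields).
SAMPLE_LOG='Jan 10 12:00:01 hp kernel: [100.1] Cowrie_Traffic:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=2222 SYN
Jan 10 12:00:02 hp kernel: [100.2] Blocked_Traffic:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51235 DPT=23 SYN
Jan 10 12:00:03 hp kernel: [100.3] SSH_Traffic:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=2233 SYN
Jan 10 12:00:04 hp kernel: [100.4] Blocked_Traffic:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51236 DPT=445 SYN
Jan 10 12:00:05 hp kernel: [100.5] Blocked_Traffic:IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.7 PROTO=UDP SPT=5000 DPT=161'

# count_prefix PREFIX [file]: how many logged packets carry that --log-prefix.
# "|| true" keeps a zero count from being reported as an error by grep.
count_prefix() {
    grep -c "kernel: .*$1" "${2:-/var/log/kern.log}" || true
}

# top_blocked_sources [file]: "count ip" per SRC of dropped packets, busiest first.
top_blocked_sources() {
    grep "Blocked_Traffic:" "${1:-/var/log/kern.log}" \
      | sed -n 's/.*SRC=\([^ ]*\).*/\1/p' \
      | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# blocked_ports_for IP [file]: distinct destination ports IP was dropped on.
# The trailing space after $1 stops 203.0.113.5 also matching 203.0.113.50.
blocked_ports_for() {
    grep "Blocked_Traffic:.*SRC=$1 " "${2:-/var/log/kern.log}" \
      | sed -n 's/.*DPT=\([0-9]*\).*/\1/p' | sort -n | uniq | xargs
}

# Write the sample to a temp file so the functions run offline; on a real host
# omit the file argument and they read /var/log/kern.log instead.
LOGFILE=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$LOGFILE"

for p in Cowrie_Traffic: SSH_Traffic: Blocked_Traffic:; do
    echo "$p $(count_prefix "$p" "$LOGFILE")"
done
echo "Top blocked sources:"
top_blocked_sources "$LOGFILE"
echo "Ports 203.0.113.5 was dropped on: $(blocked_ports_for 203.0.113.5 "$LOGFILE")"
```

To keep the volume the answer warns about down, the kernel's limit match (`-m limit --limit 5/min --limit-burst 10`) can be placed on the LOG rules, and `--syn` restricts the TCP ones to connection attempts rather than every packet.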