<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0045)http://logi.cc/linux/ipchains-log-format.php3 -->
<HTML><HEAD><TITLE>ipchains Log Format</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<STYLE type=text/css>CAPTION.s12 {
FONT: 12pt sans-serif
}
P {
FONT: 12pt sans-serif
}
P.t6 {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; FONT: 6pt sans-serif
}
P.ErrorBig {
MARGIN-TOP: 18pt; MARGIN-BOTTOM: 18pt; FONT: bold 16pt sans-serif; COLOR: red; TEXT-DECORATION: blink
}
P.nomargin {
MARGIN-TOP: 0pt; MARGIN-BOTTOM: 0pt
}
INPUT.button {
BORDER-RIGHT: #2c3a4b outset; BORDER-TOP: #acbaca outset; FONT: bold 10pt sans-serif; BORDER-LEFT: #acbaca outset; COLOR: white; BORDER-BOTTOM: #2c3a4b outset; BACKGROUND-COLOR: #597596
}
INPUT.button:active {
BORDER-LEFT-COLOR: #2c3a4b; BORDER-BOTTOM-COLOR: #acbaca; BORDER-TOP-COLOR: #2c3a4b; BORDER-RIGHT-COLOR: #acbaca
}
INPUT.i10 {
FONT: bold 8pt sans-serif; COLOR: white; BACKGROUND-COLOR: #597596
}
INPUT.s12 {
FONT: 12pt sans-serif
}
INPUT.s10 {
FONT: 10pt sans-serif
}
INPUT.s8 {
FONT: 8pt sans-serif
}
TD {
FONT: 12pt sans-serif
}
TD.s10 {
FONT: 10pt sans-serif
}
TD.s8 {
FONT: 8pt sans-serif
}
TD.s6 {
FONT: 6pt sans-serif
}
A {
FONT: 12pt sans-serif
}
A.s10 {
FONT: 10pt sans-serif
}
A.s8 {
FONT: 8pt sans-serif
}
A.s6 {
FONT: 6pt sans-serif
}
A.White10 {
FONT: bold 10pt sans-serif; COLOR: white
}
P.s12 {
FONT: 12pt sans-serif
}
P.s10 {
FONT: 10pt sans-serif
}
P.s8 {
FONT: 8pt sans-serif
}
P.s6 {
FONT: 8pt sans-serif
}
UL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 9pt
}
H1 {
FONT: bold 20pt sans-serif
}
H2 {
FONT: bold 18pt sans-serif
}
H3 {
FONT: bold 16pt sans-serif
}
H4 {
FONT: bold 14pt sans-serif
}
H5 {
FONT: bold 12pt sans-serif
}
H6 {
FONT: bold 10pt sans-serif
}
TD.Title {
FONT: bold 20pt sans-serif; COLOR: white; BACKGROUND-COLOR: #597596; TEXT-ALIGN: center
}
A.SideMenu16 {
MARGIN-TOP: 0pt; MARGIN-BOTTOM: 0pt; FONT: bold 16pt sans-serif; COLOR: white; TEXT-ALIGN: left
}
P.SideMenu16 {
MARGIN-TOP: 0pt; MARGIN-BOTTOM: 0pt; FONT: bold 16pt sans-serif; COLOR: white; TEXT-ALIGN: left
}
A.SideMenu10 {
MARGIN-TOP: 0pt; MARGIN-BOTTOM: 0pt; FONT: bold 10pt sans-serif; COLOR: white; TEXT-ALIGN: left
}
P.SideMenu10 {
MARGIN-TOP: 0pt; MARGIN-BOTTOM: 0pt; FONT: bold 10pt sans-serif; COLOR: white; TEXT-ALIGN: left
}
TD.SideMenu {
MARGIN-TOP: 12pt; MARGIN-BOTTOM: 6pt; FONT: bold 12pt sans-serif; COLOR: white; TEXT-ALIGN: left
}
P.SideMenu {
MARGIN-TOP: 12pt; MARGIN-BOTTOM: 6pt; FONT: bold 12pt sans-serif; COLOR: white; TEXT-ALIGN: left
}
A.SideMenu {
MARGIN-TOP: 12pt; MARGIN-BOTTOM: 6pt; FONT: bold 12pt sans-serif; COLOR: white; TEXT-ALIGN: left
}
A.SideMenu:link {
COLOR: white
}
A.SideMenu:visited {
COLOR: yellow
}
TD.SideSubMenu {
MARGIN-TOP: 2pt; MARGIN-BOTTOM: 0pt; FONT: bold 10pt sans-serif; MARGIN-LEFT: 8pt; COLOR: white; TEXT-ALIGN: left
}
P.SideSubMenu {
MARGIN-TOP: 2pt; MARGIN-BOTTOM: 0pt; FONT: bold 10pt sans-serif; MARGIN-LEFT: 8pt; COLOR: white; TEXT-ALIGN: left
}
A.SideSubMenu {
MARGIN-TOP: 2pt; MARGIN-BOTTOM: 0px; FONT: bold 10pt sans-serif; COLOR: white; TEXT-ALIGN: left
}
A.SideSubMenu:link {
COLOR: white
}
A.SideSubMenu:visited {
COLOR: yellow
}
FORM.SideSubMenu {
MARGIN-TOP: 2pt; MARGIN-BOTTOM: 0px; FONT: 10pt sans-serif; MARGIN-LEFT: 8pt; COLOR: white; TEXT-ALIGN: left
}
INPUT.SideSubMenu {
PADDING-RIGHT: 0px; MARGIN-TOP: 0.3em; PADDING-LEFT: 0px; MARGIN-BOTTOM: 0px; PADDING-BOTTOM: 0px; FONT: 10pt sans-serif; COLOR: white; PADDING-TOP: 0px; TEXT-ALIGN: left
}
TD.SideSub2Menu {
MARGIN-TOP: 2pt; MARGIN-BOTTOM: 0pt; FONT: bold 10pt sans-serif; MARGIN-LEFT: 16pt; COLOR: white; TEXT-ALIGN: left
}
P.SideSub2Menu {
MARGIN-TOP: 2pt; MARGIN-BOTTOM: 0pt; FONT: bold 10pt sans-serif; MARGIN-LEFT: 16pt; COLOR: white; TEXT-ALIGN: left
}
A.SideSub2Menu {
MARGIN-TOP: 2pt; MARGIN-BOTTOM: 0px; FONT: bold 10pt sans-serif; COLOR: white; TEXT-ALIGN: left
}
A.SideSub2Menu:link {
COLOR: white
}
A.SideSub2Menu:visited {
COLOR: yellow
}
</STYLE>
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY bgColor=#f0f0f0>
<TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
<TBODY>
<TR vAlign=top>
<TD align=left width="5%" bgColor=#597596 height=50> </TD>
<TD class=Title vAlign=center>ipchains Log Format</TD>
<TR>
<TD vAlign=top align=left bgColor=#597596>
<P class=SideMenu><A class=SideMenu href="http://logi.cc/">HOME</A>
<BR>
<HR>
<P class=SideMenu><A class=SideMenu
href="http://logi.cc/nw/index.php3">Network:</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://logi.cc/nw/NetCalc.php3">NetCalc</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://logi.cc/nw/NetBitCalc.html">NetBitCalc</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://logi.cc/nw/whois.php3">Whois</A> <BR>
<HR>
<P class=SideMenu><A class=SideMenu
href="http://logi.cc/linux/index.php3">Linux:</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://logi.cc/linux/athome-firewall.php3">Firewall</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://logi.cc/linux/reject_or_deny.php3">REJECT or DENY?</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://logi.cc/linux/ipchains-log-format.php3">ipchains log
format</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://logi.cc/linux/netfilter-log-format.php3">Netfilter log
format</A>
<P class=SideSub2Menu><A class=SideSub2Menu
href="http://logi.cc/linux/NF-log-issues.php3">Issues</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://logi.cc/linux/NetfilterLogAnalyzer.php3">NetfilterLogAnalyzer</A>
<BR>
<HR>
<FORM method=post>
<P class=SideMenu>Links:
<P class=SideSubMenu><A class=SideSubMenu
href="http://www.linuxdoc.org/HOWTO/HOWTO-INDEX/howtos.html">Linux
HOWTOs</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://www.linuxsecurity.com/docs/colsfaq.html">c.o.l.security
FAQ</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://www.faqs.org/">FAQs.ORG</A>
<P class=SideSubMenu><A class=SideSubMenu
href="http://www.faqs.org/rfcs/rfc-index.html">RFC Index (full)</A>
<P class=SideSubMenu>RFC <INPUT maxLength=5 size=5
name=rfc> <INPUT class=SideSubMenu type=image height=11 alt=Go
width=11 src="ipchains Log Format.files/r-arrow-b-w.gif" border=0>
</FORM><BR> <BR>
<HR>
</TD>
<TD vAlign=top>
<BLOCKQUOTE>
<TABLE cellSpacing=0 cellPadding=0 width=640 border=0>
<TBODY>
<TR>
<TD>Here is a quick reference for the format used by the ipchains
log messages. It is mostly taken from the <I><A
href="http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html">ipchains-HOWTO-1.0.7</A></I>.
<P>A typical log message generated by ipchains:
<P><TT><B>Jun 16 08:00:38 megahard kernel: Packet log: forward
DENY </B></TT><BR><TT><B>eth1 PROTO=17 a.b.c.d:234 w.x.y.z:34567
L=78 S=0x00 I=13413 </B></TT><BR><TT><B>F=0x0000 T=112
(#16)</B></TT>
<P>To have a log message like this <B>automatically analyzed</B>,
you can use the <B><A
href="http://logi.cc/linux/NetfilterLogAnalyzer.php3">Netfilter
Log Analyzer</A></B>.
<P>The leading part (timestamp, host name and the <TT>kernel: Packet
log:</TT> prefix) is self-explanatory. The remaining items are
explained in sequence here: </P></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=2 width=640 border=1>
<TBODY>
<TR bgColor=#e0ffe0>
<TD><TT>forward</TT></TD>
<TD>Name of the chain the packet traversed (<TT>input</TT>, <TT>forward</TT>, <TT>output</TT> or a user-defined chain)</TD></TR>
<TR bgColor=#e0ffe0>
<TD><TT>DENY</TT></TD>
<TD>Action taken by ipchains, i.e. the target of the matching rule</TD></TR>
<TR bgColor=#e0ffe0>
<TD><TT>eth1</TT></TD>
<TD>Interface the packet was passing through</TD></TR>
<TR bgColor=#e2e2e2>
<TD><TT>PROTO=17</TT></TD>
<TD>Protocol number. A list is in your
<I>/etc/protocols</I>. A complete list is in the file <A
href="http://www.isi.edu/in-notes/iana/assignments/protocol-numbers"><B><I>protocol-numbers</I></B></A>
</TD></TR>
<TR bgColor=#e2e2e2>
<TD><TT>a.b.c.d</TT></TD>
<TD>Source IP address</TD></TR>
<TR bgColor=#ffffe0>
<TD><TT>234</TT></TD>
<TD>Source port (TCP and UDP) or the ICMP type. A list of
port numbers is in your <I>/etc/services</I>. A complete
list is in the file <A
href="http://www.isi.edu/in-notes/iana/assignments/port-numbers"><B><I>port-numbers</I></B></A>
</TD></TR>
<TR bgColor=#e2e2e2>
<TD><TT>w.x.y.z</TT></TD>
<TD>Destination IP address</TD></TR>
<TR bgColor=#ffffe0>
<TD><TT>34567</TT></TD>
<TD>Destination port (TCP and UDP) or the ICMP code. A list
of ICMP types and codes is in the file <A
href="http://www.isi.edu/in-notes/iana/assignments/icmp-parameters"><B><I>icmp-parameters</I></B></A>
</TD></TR>
<TR bgColor=#e2e2e2>
<TD><TT>L=78</TT></TD>
<TD>Total length of the packet in bytes (IP header included)</TD></TR>
<TR bgColor=#e2e2e2>
<TD><TT>S=0x00</TT></TD>
<TD>Type of Service (TOS) byte; only 4 bits are used these days,
and it is not important for firewall purposes</TD></TR>
<TR bgColor=#e2e2e2>
<TD><TT>I=13413</TT></TD>
<TD>IP identification field (IP-ID); it increments with each packet the sender transmits</TD></TR>
<TR bgColor=#e2e2e2>
<TD><TT>F=0x0000</TT></TD>
<TD>Flags (3 bits) and fragment offset (13 bits), printed together as one 16-bit hexadecimal value</TD></TR>
<TR bgColor=#e2e2e2>
<TD><TT>T=112</TT></TD>
<TD>Time to live (TTL): the number of hops remaining before the
packet is dropped</TD></TR>
<TR bgColor=#e0ffe0>
<TD><TT>(#16)</TT></TD>
<TD>Number of the rule in the chain which matched the packet and
caused the log entry</TD></TR></TBODY></TABLE>
<P>More interesting files, such as <B><EM>multicast-addresses</EM></B>,
can be found in <A
href="http://www.isi.edu/in-notes/iana/assignments/">http://www.isi.edu/in-notes/iana/assignments/</A>.
</P></BLOCKQUOTE> <BR>
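<P>The field table above describes the line layout but gives no parser for it. The following Python script is an added example, not code from the original page or from logi.cc: it parses ipchains <TT>Packet log:</TT> lines into typed records, splits the 16-bit <TT>F=</TT> field into the DF/MF flags and the byte offset as RFC 791 lays them out, labels the port columns as ICMP type/code when <TT>PROTO=1</TT>, and tallies denied packets per source address. The first sample line is the page's own example; the other sample lines, host names and addresses are constructed for the demonstration, and the protocol-name table is a small hard-coded subset of <I>/etc/protocols</I>.</P>

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input. The first line is the page's example; the rest are
# made up to exercise the DF bit, a non-zero fragment offset, an ICMP packet
# and a non-ipchains syslog line that the parser must skip.
SAMPLE_LOGS = [
    "Jun 16 08:00:38 megahard kernel: Packet log: forward DENY eth1 PROTO=17 "
    "a.b.c.d:234 w.x.y.z:34567 L=78 S=0x00 I=13413 F=0x0000 T=112 (#16)",
    "Jun 16 08:00:39 megahard kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.0.2.10:40123 192.0.2.1:22 L=60 S=0x10 I=2 F=0x4000 T=64 (#3)",
    "Jun 16 08:00:40 megahard kernel: Packet log: input DENY eth0 PROTO=1 "
    "192.0.2.10:8 192.0.2.1:0 L=1500 S=0x00 I=77 F=0x2002 T=64",
    "Jun 16 08:00:41 megahard sshd[123]: Accepted publickey for user",
]

# Hard-coded subset of /etc/protocols; anything else is shown by number.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# One regular expression for the whole line; the trailing "(#rule)" is
# optional because not every ipchains build prints it.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[^:\s]+):(?P<sport>\d+) "
    r"(?P<dst>[^:\s]+):(?P<dport>\d+) L=(?P<length>\d+) S=0x(?P<tos>[0-9a-fA-F]+) "
    r"I=(?P<ipid>\d+) F=0x(?P<frag>[0-9a-fA-F]+) T=(?P<ttl>\d+)"
    r"(?: \(#(?P<rule>\d+)\))?\s*$"
)


@dataclass
class IpchainsRecord:
    timestamp: str
    host: str
    chain: str
    action: str
    iface: str
    proto: int
    src: str
    sport: int        # source port, or ICMP type when proto == 1
    dst: str
    dport: int        # destination port, or ICMP code when proto == 1
    length: int
    tos: int
    ip_id: int
    df: bool          # Don't Fragment flag (bit 14 of the F= field)
    mf: bool          # More Fragments flag (bit 13 of the F= field)
    frag_offset: int  # fragment offset in bytes (low 13 bits * 8)
    ttl: int
    rule: Optional[int]


def decode_fragment_field(value: int) -> Tuple[bool, bool, int]:
    """Split the 16-bit F= value: bit 15 reserved, bit 14 DF, bit 13 MF,
    low 13 bits = offset in 8-byte units (RFC 791)."""
    return bool(value & 0x4000), bool(value & 0x2000), (value & 0x1FFF) * 8


def parse_ipchains_line(line: str) -> Optional[IpchainsRecord]:
    """Return a record for a 'Packet log:' line, or None for anything else."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    df, mf, offset = decode_fragment_field(int(m["frag"], 16))
    return IpchainsRecord(
        timestamp=m["ts"], host=m["host"], chain=m["chain"], action=m["action"],
        iface=m["iface"], proto=int(m["proto"]), src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]), length=int(m["length"]),
        tos=int(m["tos"], 16), ip_id=int(m["ipid"]), df=df, mf=mf,
        frag_offset=offset, ttl=int(m["ttl"]),
        rule=int(m["rule"]) if m["rule"] else None,
    )


def describe(rec: IpchainsRecord) -> str:
    """Human-readable rendering that labels ICMP type/code instead of ports."""
    proto = PROTO_NAMES.get(rec.proto, f"proto {rec.proto}")
    if rec.proto == 1:
        ends = f"{rec.src} -> {rec.dst} type {rec.sport} code {rec.dport}"
    else:
        ends = f"{rec.src}:{rec.sport} -> {rec.dst}:{rec.dport}"
    frag = ""
    if rec.mf or rec.frag_offset:
        frag = f" fragment(offset={rec.frag_offset}, more={rec.mf})"
    rule = f" rule #{rec.rule}" if rec.rule is not None else ""
    return f"{rec.chain} {rec.action} {rec.iface}: {proto} {ends}{frag}{rule}"


def count_denies_by_source(lines: List[str]) -> Dict[str, int]:
    """Tally DENY/REJECT entries per source address, a simple triage view."""
    counts: Dict[str, int] = {}
    for line in lines:
        rec = parse_ipchains_line(line)
        if rec is not None and rec.action in ("DENY", "REJECT"):
            counts[rec.src] = counts.get(rec.src, 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        rec = parse_ipchains_line(line)
        print(describe(rec) if rec else f"skipped: {line[:40]}...")
    print(count_denies_by_source(SAMPLE_LOGS))
```

<P>Two details matter when you run this over real syslog output: the F= value must be decoded before deciding whether a packet is a non-initial fragment (a non-zero offset means the transport header, and therefore the port columns, belong to a different datagram), and for <TT>PROTO=1</TT> the two numbers after the addresses are ICMP type and code, so counting them as "ports" would miscount a ping sweep as traffic to port 8.</P>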
<H2>Protocol Header Information </H2><A name=IPheader></A>
<H4>IP Header Format as defined in <A
href="http://www.faqs.org/rfcs/rfc791.html">RFC-791</A>:</H4>
<BLOCKQUOTE>
<TABLE cellSpacing=0 cellPadding=0 width=640 border=1>
<TBODY>
<TR>
<TD align=middle width=20>0</TD>
<TD align=middle width=20>1</TD>
<TD align=middle width=20>2</TD>
<TD align=middle width=20>3</TD>
<TD align=middle width=20>4</TD>
<TD align=middle width=20>5</TD>
<TD align=middle width=20>6</TD>