rsyslog loses messages from firewall


I am trying to make rsyslog log messages from iptables MASQUERADE. I have an iptables LOG rule in the nat table and PREROUTING chain before the MASQUERADE rules.

The actual iptables rules:

iptables -t nat -A POSTROUTING -s 10.0.1.0/24 ! -d 10.0.1.0/24 -j LOG --log-prefix "FireWallFW: "
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 ! -d 10.0.1.0/24 -j MASQUERADE

When I send 100 new packages through the MASQUERADE, the iptables counters indicate that all 100 packages were matched both by the MASQUERADE and by the LOG rule. Unfortunately, rsyslog puts only a dozen or at most about 30 messages in the logfile, losing information about the real count of masqueraded packages. It does not matter whether I have sync enabled or disabled on the logfile, or whether RepeatedMsgReduction is on or off.

What is going on here? Is rsyslog too slow, or am I overlooking something?

WRz

Posted 2015-03-05T21:11:12.783

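A small audit script, added here as an example and not taken from the question or from rsyslog itself: it counts the prefixed entries that actually reached the log file, reads the LOG rule's packet counter from `iptables -t nat -vnL POSTROUTING` output, and flags the notices the kernel printk ratelimiter and rsyslog's imuxsock write when they drop messages, so the shortfall can be attributed to one of them. The log lines and counter output are constructed samples; the notice formats are assumptions based on what those components commonly emit.

```python
import re

# Constructed /var/log/syslog excerpt (not from the original post): three logged
# packets, one kernel printk-ratelimit notice, one rsyslog imuxsock notice.
SAMPLE_LOG = """\
Mar  5 21:05:01 gw kernel: [1234.001] FireWallFW: IN=eth1 OUT=eth0 SRC=10.0.1.5 DST=192.0.2.10 PROTO=TCP DPT=80
Mar  5 21:05:01 gw kernel: [1234.002] FireWallFW: IN=eth1 OUT=eth0 SRC=10.0.1.5 DST=192.0.2.10 PROTO=TCP DPT=443
Mar  5 21:05:01 gw kernel: [1234.003] FireWallFW: IN=eth1 OUT=eth0 SRC=10.0.1.7 DST=192.0.2.53 PROTO=UDP DPT=53
Mar  5 21:05:06 gw kernel: [1239.000] net_ratelimit: 97 callbacks suppressed
Mar  5 21:05:06 gw rsyslogd: imuxsock lost 12 messages from pid 900 due to rate-limiting
"""

# Constructed `iptables -t nat -vnL POSTROUTING` output matching the question's two rules.
SAMPLE_COUNTERS = """\
Chain POSTROUTING (policy ACCEPT 10 packets, 800 bytes)
 pkts bytes target     prot opt in     out     source               destination
  100  6000 LOG        all  --  *      *       10.0.1.0/24         !10.0.1.0/24          LOG flags 0 level 4 prefix "FireWallFW: "
  100  6000 MASQUERADE  all  --  *      *       10.0.1.0/24         !10.0.1.0/24
"""

# Assumed notice formats: kernel ratelimiter and rsyslog imuxsock drop messages.
KERNEL_SUPPRESSED_RE = re.compile(r"net_ratelimit: (\d+) callbacks suppressed")
RSYSLOG_LOST_RE = re.compile(r"imuxsock lost (\d+) messages from pid \d+ due to rate-limiting")


def audit_firewall_log(lines, prefix="FireWallFW: "):
    """Count prefixed kernel entries and any rate-limit drop notices in syslog lines."""
    result = {"logged": 0, "kernel_suppressed": 0, "rsyslog_lost": 0}
    for line in lines:
        if "kernel:" in line and prefix in line:
            result["logged"] += 1
            continue
        m = KERNEL_SUPPRESSED_RE.search(line)
        if m:
            result["kernel_suppressed"] += int(m.group(1))
            continue
        m = RSYSLOG_LOST_RE.search(line)
        if m:
            result["rsyslog_lost"] += int(m.group(1))
    return result


def log_rule_packets(counter_output, prefix="FireWallFW: "):
    """Return the pkts counter of the LOG rule carrying the given prefix (-1 if absent)."""
    for line in counter_output.splitlines():
        fields = line.split()
        if len(fields) > 2 and fields[2] == "LOG" and f'prefix "{prefix}"' in line:
            return int(fields[0])
    return -1


def shortfall(counter_output, log_lines, prefix="FireWallFW: "):
    """Packets the LOG rule matched minus entries that reached the log file."""
    return log_rule_packets(counter_output, prefix) - audit_firewall_log(log_lines, prefix)["logged"]


if __name__ == "__main__":
    print(audit_firewall_log(SAMPLE_LOG.splitlines()), "missing:", shortfall(SAMPLE_COUNTERS, SAMPLE_LOG.splitlines()))
```

On a live box, feed it `/var/log/syslog` (or `journalctl -k`) and the real `iptables -t nat -vnL POSTROUTING` output; a non-zero shortfall with a matching suppressed count points at the kernel ratelimiter rather than rsyslog.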

Have you tried adding $SystemLogRateLimitInterval 0 to rsyslog.conf and restarting rsyslog as suggested here?

– hololeap – 2015-03-05T21:22:45.490

Yes. It does not help. – WRz – 2015-03-05T21:32:10.273

Not sure. You could try another logger like metalog. Please include your iptables rules in your question so we have it for reference. – hololeap – 2015-03-05T21:43:21.227

Before trying something else I wanted to check out the default logger installed by Debian. Probably it was a mistake... I added the iptables rules to the question. – WRz – 2015-03-05T21:53:32.440

Confirmed: syslog-ng has virtually no problems with logging every single packet that hits the iptables LOG target. – WRz – 2015-03-06T11:07:06.070

No answers