You could SSH into each virtual router and append some logging rules into the existing chains. The rules go into the mangle table.
If you wanted to log all drops then you could go for something like this. #* iptables -I FIREWALL_10.144.100.109 3 -t mangle -j LOG* I put this in line 3 of my FIREWALL_10.144.100.109 chain, just above the DROP so it looks something like: *# iptables -n -v --line-numbers -t mangle -L FIREWALL_10.144.100.109 Chain FIREWALL_10.144.100.109 (1 references) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 0 0 RETURN tcp -- * * 2.2.2.2 0.0.0.0/0 tcp dpt:69 3 2 120 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 4 2 120 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 * Now here's the problems with doing this.... 1. The logging rules are blown away if anyone adds OR removes any firewall rules. 2. You will lose the rules if the router is ever re-created for upgrades etc. So all in all it might not be worth the effort. It is a feature people do ask about quite a bit though so could be worth a feature request. Best regards, David Comerford Mobile: +353 87 1238295 Email: davest...@gmail.com Website: http://dave.ie GPG key: http://pgp.dave.ie On 5 July 2013 10:43, Ahmad Emneina <aemne...@gmail.com> wrote: > you might have to enable that manually on the router, via iptables or > rsyslog, i dont see it being logged myself. > > > On Fri, Jul 5, 2013 at 1:57 AM, Len Bellemore < > len.bellem...@controlcircle.com> wrote: > > > Hi Guys, > > > > Does anyone know where the virtual router logs firewall access requests? > > I guess it would be an iptables log of some sort. > > > > I don't see much in /var/log/messages other than rules being applied. > > > > Many Thanks > > > > Len > > > > ________________________________ > > IMPORTANT NOTICE. This electronic message contains information from > > Control Circle Ltd, which may be privileged or confidential. The > > information is intended for use only by the individual(s) or entity named > > above. If you are not the intended recipient, be aware that any > disclosure, > > copying, distribution or use of the contents of this information is > > strictly prohibited. If you have received this electronic message in > error, > > please notify me by telephone or email (to the number or email address > > above) immediately. Activity and use of the ControlCircle e-mail system > is > > monitored to secure its effective operation and for other lawful business > > purposes. Communications using this system will also be monitored and may > > be recorded to secure effective operation and for other lawful business > > purposes > > >
