Standard iptables logs - syslog?
The host I am running FA on is a CentOS 5x system which is already setup to received syslogs on port 514 from all other linux servers, including the firewall/gateway which is running a basic iptables firewall. The log entries in the syslog (/var/log/messages) look the those below, but I cant seem to import the message file with those entries, or even when I created a syslog destination to @ipaddress:1514 to send to the FA machine, it reports an invalide log entrty.
How to do send only the iptables firewall entries to the FA machine?
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.83.100 DST=111.111.79.14 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=48091 PROTO=UDP SPT=2676 DPT=1026 LEN=492
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.83.100 DST=111.111.79.14 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=48092 PROTO=UDP SPT=2676 DPT=1027 LEN=492
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.83.100 DST=111.111.79.14 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=48093 PROTO=UDP SPT=2676 DPT=1028 LEN=492
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.14.6 DST=111.111.79.184 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=41141 PROTO=UDP SPT=12100 DPT=1026 LEN=492
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.14.6 DST=111.111.79.184 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=41142 PROTO=UDP SPT=12100 DPT=1027 LEN=492
How to do send only the iptables firewall entries to the FA machine?
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.83.100 DST=111.111.79.14 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=48091 PROTO=UDP SPT=2676 DPT=1026 LEN=492
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.83.100 DST=111.111.79.14 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=48092 PROTO=UDP SPT=2676 DPT=1027 LEN=492
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.83.100 DST=111.111.79.14 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=48093 PROTO=UDP SPT=2676 DPT=1028 LEN=492
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.14.6 DST=111.111.79.184 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=41141 PROTO=UDP SPT=12100 DPT=1026 LEN=492
Apr 16 14:24:19 vhs kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:0c:29:bc:14:e5:00:02:85:11:c2:80:08:00 SRC=24.64.14.6 DST=111.111.79.184 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=41142 PROTO=UDP SPT=12100 DPT=1027 LEN=492