Как запретить писать в /var/syslog?

[AnrDaemon]

ictor00000, сделал :msg, contains, "Iptables: " -/var/log/iptables.log& stop/etc/init.d/rsyslog restartне помогло, ничего не изменилось.

А что, должно было что-то измениться?… вам самому-то не смешно?

а где вообще правила

Всё там же, /etc/rsyslog.conf, /etc/rsyslog.d/*.conf

[victor00000]

Ввысь,
лучше каждый завтра очистить в суслог, помощь cron.

[AnrDaemon]

Ввысь, что вообще за система/откуда? Потому что такое количество вопросов просто несовместимо с обычной установкой по умолчанию.

[Ввысь]

AnrDaemon, сделал все заново. Всё чистое, виртуалка у hetzner.

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:        16.04
Codename:       xenial

iptables -A INPUT -p tcp -m state --state NEW -d 172.31.1.100 -j LOG --log-prefix "Iptables: " 

echo ':msg, contains, "Iptables: " -/var/ log/iptables.log' > /etc/rsyslog.d/iptables.conf
echo '& ~' >> /etc/rsyslog.d/iptables.conf

/etc/init.d/rsyslog restart

всё, началась запись в три файла

-rw-r----- 1 syslog adm   1114 Nov 26 08:30 iptables.log
-rw-r----- 1 syslog adm  59062 Nov 26 08:30 kern.log
-rw-r----- 1 syslog adm  73750 Nov 26 08:30 syslog

cat iptables.log

(Нажмите, чтобы показать/скрыть)

Nov 26 08:30:10 Ubuntu-1604-xenial-64-minimal kernel: [  379.539319] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=4157 DF PROTO=TCP SPT=32776 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:16 Ubuntu-1604-xenial-64-minimal kernel: [  385.350123] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=72.81.139.72 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2787 DF PROTO=TCP SPT=57773 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:16 Ubuntu-1604-xenial-64-minimal kernel: [  386.029437] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=72.81.139.72 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2820 DF PROTO=TCP SPT=57773 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:18 Ubuntu-1604-xenial-64-minimal kernel: [  387.764135] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=116.31.116.49 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9296 DF PROTO=TCP SPT=53364 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:23 Ubuntu-1604-xenial-64-minimal kernel: [  393.083646] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=11195 DF PROTO=TCP SPT=36582 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:25 Ubuntu-1604-xenial-64-minimal kernel: [  394.941444] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.102.29.187 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=39805 DF PROTO=TCP SPT=59450 DPT=22 WINDOW=28200 RES=0x00 SYN URGP=0
Nov 26 08:30:26 Ubuntu-1604-xenial-64-minimal kernel: [  396.310051] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=40339 DF PROTO=TCP SPT=56856 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:34 Ubuntu-1604-xenial-64-minimal kernel: [  403.857330] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=51.68.227.49 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=60131 DF PROTO=TCP SPT=60496 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:35 Ubuntu-1604-xenial-64-minimal kernel: [  404.429186] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=5963 DF PROTO=TCP SPT=50198 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:38 Ubuntu-1604-xenial-64-minimal kernel: [  407.634376] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=507 DF PROTO=TCP SPT=44704 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0

                                                                                                       

cat kern.log

(Нажмите, чтобы показать/скрыть)

Nov 26 08:29:31 Ubuntu-1604-xenial-64-minimal kernel: [  341.250609] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=671 DF PROTO=TCP SPT=42324 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:33 Ubuntu-1604-xenial-64-minimal kernel: [  342.748948] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=18695 DF PROTO=TCP SPT=48864 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:38 Ubuntu-1604-xenial-64-minimal kernel: [  347.795688] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=116.31.116.49 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34927 DF PROTO=TCP SPT=22157 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:40 Ubuntu-1604-xenial-64-minimal kernel: [  349.489844] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=185.211.245.165 DST=172.31.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=11466 PROTO=TCP SPT=42544 DPT=3388 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 26 08:29:43 Ubuntu-1604-xenial-64-minimal kernel: [  352.884131] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=31205 DF PROTO=TCP SPT=51376 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:44 Ubuntu-1604-xenial-64-minimal kernel: [  353.702600] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=185.255.31.14 DST=172.31.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=48752 PROTO=TCP SPT=56317 DPT=337 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 26 08:29:45 Ubuntu-1604-xenial-64-minimal kernel: [  354.547785] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=181.39.75.34 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=3223 DF PROTO=TCP SPT=36952 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:46 Ubuntu-1604-xenial-64-minimal kernel: [  355.525215] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57135 DF PROTO=TCP SPT=37002 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:54 Ubuntu-1604-xenial-64-minimal kernel: [  363.567261] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=54094 DF PROTO=TCP SPT=51552 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:06 Ubuntu-1604-xenial-64-minimal kernel: [  376.091358] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=185.255.31.14 DST=172.31.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=7741 PROTO=TCP SPT=56317 DPT=343 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 26 08:30:06 Ubuntu-1604-xenial-64-minimal kernel: [  376.198160] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51457 DF PROTO=TCP SPT=36953 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:10 Ubuntu-1604-xenial-64-minimal kernel: [  379.539319] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=4157 DF PROTO=TCP SPT=32776 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:16 Ubuntu-1604-xenial-64-minimal kernel: [  385.350123] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=72.81.139.72 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2787 DF PROTO=TCP SPT=57773 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:16 Ubuntu-1604-xenial-64-minimal kernel: [  386.029437] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=72.81.139.72 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2820 DF PROTO=TCP SPT=57773 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:18 Ubuntu-1604-xenial-64-minimal kernel: [  387.764135] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=116.31.116.49 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9296 DF PROTO=TCP SPT=53364 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:23 Ubuntu-1604-xenial-64-minimal kernel: [  393.083646] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=11195 DF PROTO=TCP SPT=36582 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:25 Ubuntu-1604-xenial-64-minimal kernel: [  394.941444] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.102.29.187 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=39805 DF PROTO=TCP SPT=59450 DPT=22 WINDOW=28200 RES=0x00 SYN URGP=0
Nov 26 08:30:26 Ubuntu-1604-xenial-64-minimal kernel: [  396.310051] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=40339 DF PROTO=TCP SPT=56856 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:34 Ubuntu-1604-xenial-64-minimal kernel: [  403.857330] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=51.68.227.49 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=60131 DF PROTO=TCP SPT=60496 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:35 Ubuntu-1604-xenial-64-minimal kernel: [  404.429186] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=5963 DF PROTO=TCP SPT=50198 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:38 Ubuntu-1604-xenial-64-minimal kernel: [  407.634376] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=507 DF PROTO=TCP SPT=44704 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:38 Ubuntu-1604-xenial-64-minimal kernel: [  408.011339] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=209.141.53.249 DST=172.31.1.100 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=42870 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 26 08:30:38 Ubuntu-1604-xenial-64-minimal kernel: [  408.085863] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=114.42.55.87 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=9534 DF PROTO=TCP SPT=57167 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:39 Ubuntu-1604-xenial-64-minimal kernel: [  408.848449] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=114.42.55.87 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=9581 DF PROTO=TCP SPT=57167 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0

cat syslog

(Нажмите, чтобы показать/скрыть)

Nov 26 08:29:31 Ubuntu-1604-xenial-64-minimal kernel: [  341.250609] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=671 DF PROTO=TCP SPT=42324 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:33 Ubuntu-1604-xenial-64-minimal kernel: [  342.748948] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=18695 DF PROTO=TCP SPT=48864 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:38 Ubuntu-1604-xenial-64-minimal kernel: [  347.795688] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=116.31.116.49 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34927 DF PROTO=TCP SPT=22157 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:40 Ubuntu-1604-xenial-64-minimal kernel: [  349.489844] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=185.211.245.165 DST=172.31.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=11466 PROTO=TCP SPT=42544 DPT=3388 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 26 08:29:43 Ubuntu-1604-xenial-64-minimal kernel: [  352.884131] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=31205 DF PROTO=TCP SPT=51376 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:44 Ubuntu-1604-xenial-64-minimal kernel: [  353.702600] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=185.255.31.14 DST=172.31.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=48752 PROTO=TCP SPT=56317 DPT=337 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 26 08:29:45 Ubuntu-1604-xenial-64-minimal kernel: [  354.547785] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=181.39.75.34 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=3223 DF PROTO=TCP SPT=36952 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:46 Ubuntu-1604-xenial-64-minimal kernel: [  355.525215] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57135 DF PROTO=TCP SPT=37002 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:29:54 Ubuntu-1604-xenial-64-minimal kernel: [  363.567261] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=54094 DF PROTO=TCP SPT=51552 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:06 Ubuntu-1604-xenial-64-minimal kernel: [  376.091358] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=185.255.31.14 DST=172.31.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=7741 PROTO=TCP SPT=56317 DPT=343 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 26 08:30:06 Ubuntu-1604-xenial-64-minimal kernel: [  376.198160] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51457 DF PROTO=TCP SPT=36953 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="372" x-info="http://www.rsyslog.com"] exiting on signal 15.
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="929" x-info="http://www.rsyslog.com"] start
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal rsyslogd-2222: command 'KLogPermitNonKernelFacility' is currently not permitted - did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ]
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal rsyslogd-2307: warning: ~ action is deprecated, consider using the 'stop' statement instead [v8.16.0 try http://www.rsyslog.com/e/2307 ]
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal rsyslogd: rsyslogd's groupid changed to 109
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal rsyslogd: rsyslogd's userid changed to 105
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal rsyslogd-2039: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal rsyslogd-2007: action 'action 9' suspended, next retry is Mon Nov 26 08:30:37 2018 [v8.16.0 try http://www.rsyslog.com/e/2007 ]
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal systemd[1]: Stopping System Logging Service...
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal systemd[1]: Stopped System Logging Service.
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal systemd[1]: Starting System Logging Service...
Nov 26 08:30:07 Ubuntu-1604-xenial-64-minimal systemd[1]: Started System Logging Service.
Nov 26 08:30:10 Ubuntu-1604-xenial-64-minimal kernel: [  379.539319] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=4157 DF PROTO=TCP SPT=32776 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:16 Ubuntu-1604-xenial-64-minimal kernel: [  385.350123] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=72.81.139.72 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2787 DF PROTO=TCP SPT=57773 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:16 Ubuntu-1604-xenial-64-minimal kernel: [  386.029437] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=72.81.139.72 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2820 DF PROTO=TCP SPT=57773 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:18 Ubuntu-1604-xenial-64-minimal kernel: [  387.764135] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=116.31.116.49 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9296 DF PROTO=TCP SPT=53364 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:23 Ubuntu-1604-xenial-64-minimal kernel: [  393.083646] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=11195 DF PROTO=TCP SPT=36582 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:25 Ubuntu-1604-xenial-64-minimal kernel: [  394.941444] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.102.29.187 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=39805 DF PROTO=TCP SPT=59450 DPT=22 WINDOW=28200 RES=0x00 SYN URGP=0
Nov 26 08:30:26 Ubuntu-1604-xenial-64-minimal kernel: [  396.310051] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=40339 DF PROTO=TCP SPT=56856 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:34 Ubuntu-1604-xenial-64-minimal kernel: [  403.857330] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=51.68.227.49 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=60131 DF PROTO=TCP SPT=60496 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:35 Ubuntu-1604-xenial-64-minimal kernel: [  404.429186] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=5963 DF PROTO=TCP SPT=50198 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:38 Ubuntu-1604-xenial-64-minimal kernel: [  407.634376] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=507 DF PROTO=TCP SPT=44704 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:38 Ubuntu-1604-xenial-64-minimal kernel: [  408.011339] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=209.141.53.249 DST=172.31.1.100 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=42870 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 26 08:30:38 Ubuntu-1604-xenial-64-minimal kernel: [  408.085863] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=114.42.55.87 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=9534 DF PROTO=TCP SPT=57167 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:39 Ubuntu-1604-xenial-64-minimal kernel: [  408.848449] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=114.42.55.87 DST=172.31.1.100 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=9581 DF PROTO=TCP SPT=57167 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:43 Ubuntu-1604-xenial-64-minimal kernel: [  412.711574] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=200.109.141.171 DST=172.31.1.100 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=6086 DF PROTO=TCP SPT=57860 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:44 Ubuntu-1604-xenial-64-minimal kernel: [  413.455299] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=200.109.141.171 DST=172.31.1.100 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=6268 DF PROTO=TCP SPT=57860 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 26 08:30:46 Ubuntu-1604-xenial-64-minimal kernel: [  415.523042] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=122.226.181.165 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=43140 DF PROTO=TCP SPT=59208 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 26 08:30:51 Ubuntu-1604-xenial-64-minimal kernel: [  420.456840] Iptables: IN=eth0 OUT= MAC=52:54:a2:02:14:bd:d2:74:7f:6e:37:e3:08:00 SRC=118.123.15.142 DST=172.31.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39264 DF PROTO=TCP SPT=36471 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0

victor00000, это костыли, если не раскурю в чем дело, то можно и так.

логи пришлось обрезать, не проходит по количеству символов в сообщении

если поможет в решении вопроса, готов дать ip логин и пароль

[AnrDaemon]

виртуалка у hetzner.

Это ответ. Там вполне могут быть кастомные настройки.
Показывайте конфиги rsyslogd и sysctl

[Ввысь]

AnrDaemon,
cat /etc/rsyslog.conf

(Нажмите, чтобы показать/скрыть)

#  /etc/rsyslog.conf    Configuration file for rsyslog.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

cat /etc/sysctl.conf

(Нажмите, чтобы показать/скрыть)

#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

есть еще такое, там тоже есть настройки касающиеся логов, вдруг пригодится
cat 50-default.conf

(Нажмите, чтобы показать/скрыть)

#  Default rules for rsyslog.
#
#                       For more information see rsyslog.conf(5) and /etc/rsyslog.conf

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
#daemon.*                       -/var/log/daemon.log
kern.*                          -/var/log/kern.log
#lpr.*                          -/var/log/lpr.log
mail.*                          -/var/log/mail.log
#user.*                         -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info                      -/var/log/mail.info
#mail.warn                      -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Logging for INN news system.
#
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
#*.=debug;\
#       auth,authpriv.none;\
#       news.none;mail.none     -/var/log/debug
#*.=info;*.=notice;*.=warn;\
#       auth,authpriv.none;\
#       cron,daemon.none;\
#       mail,news.none          -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                                :omusrmsg:*

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#       news.=crit;news.=err;news.=notice;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole

[AnrDaemon]

$IncludeConfig /etc/rsyslog.d/*.conf

А эти где?

И вообще это может быть особенностью используемой ими системы виртуализации, и вопрос по сути надо задавать в их техподдержку.

[Ввысь]

AnrDaemon,

/etc/rsyslog.d # ls -l
total 8
-rw-r--r-- 1 root root 1655 Dec  2  2015 50-default.conf
-rw-r--r-- 1 root root   56 Nov 26 08:29 iptables.conf

этот я сделал

cat iptables.conf

(Нажмите, чтобы показать/скрыть)

:msg, contains, "Iptables: " -/var/log/iptables.log
& ~

этот был с рождения
cat 50-default.conf

(Нажмите, чтобы показать/скрыть)

#  Default rules for rsyslog.
#
#                       For more information see rsyslog.conf(5) and /etc/rsyslog.conf

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
#daemon.*                       -/var/log/daemon.log
kern.*                          -/var/log/kern.log
#lpr.*                          -/var/log/lpr.log
mail.*                          -/var/log/mail.log
#user.*                         -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info                      -/var/log/mail.info
#mail.warn                      -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Logging for INN news system.
#
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
#*.=debug;\
#       auth,authpriv.none;\
#       news.none;mail.none     -/var/log/debug
#*.=info;*.=notice;*.=warn;\
#       auth,authpriv.none;\
#       cron,daemon.none;\
#       mail,news.none          -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                                :omusrmsg:*

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#       news.=crit;news.=err;news.=notice;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole

Ничего кроме этих двух файлов в папке нет

[AnrDaemon]

Ну так вините себя!
Переименуйте iptables.conf в 05-iptables.conf

[Ввысь]

AnrDaemon, огонь) то что надо. Теперь буду знать, спасибо большое.

[AnrDaemon]

Логика такая, что правила выстраиваются в алфавитном порядке прочитанных файлов.
У вас в итоге действовали следующие правила:

Код: [Выделить]

…
*.kern: -/var/log/kern
…
"Iptables: ": -/var/log/iptables
& ~Т.е. в kern.log успевало попасть до того, как подключался ваш фильтр.
Пользователь добавил сообщение 26 Ноября 2018, 17:13:56:P.S.
Вам больше подошло бы "startswith".

[Ввысь]

"startswith"

хм. А что это?

[AnrDaemon]

https://translate.google.ru/?q=starts+with&oe=utf-8&ie=utf-8#en/ru/starts%20with

[Ввысь]

AnrDaemon, понял. Это про "с чего начинается файл". Спасибо еще раз.

[AnrDaemon]

Это про ":msg, contains,"
Вместо contains.