To see information from your most recent boot, run
journalctl -b
To see the details that were logged during a previous boot, in case you need to compare them with your most recent, first list the recorded boots by running
journalctl --list-boots
You will then see results similar to the output shown below, but will need to page to the bottom of the output to see the most recent.
-2 5d45a92d9d5a42d8ae1c8b454f7e1314 Sun 2018-08-19 02:29:21 PDT—Sun 2018-08-19 02:36:26 PDT
-1 d5b8ebc236734ee69c48c3809ae452b1 Sun 2018-08-19 02:43:06 PDT—Sun 2018-08-19 07:20:54 PDT
0 6f844406186e4e31ba0375a7bc736242 Sun 2018-08-19 10:43:31 PDT—Sun 2018-08-19 18:54:51 PDT
At the very bottom of the output, you will see a line that starts with 0, which will represent your most recently logged boot info, the same info you saw when you ran journalctl -b.
To see the data that was logged during the previous boot, copy the identifier from the line that starts with -1 and run the following
journalctl --boot=d5b8ebc236734ee69c48c3809ae452b1
To go back further in time, use the identifier from the line that starts with -2, -3, -4, etc.
Best Answer
These logs are generated by the kernel, so they go to the file that receives kernel logs: /var/log/kern.log.
If you want to redirect these logs to a different file, that can't be done through iptables. It can be done in the configuration of the program that dispatches logs: rsyslog. In the iptables rule, add a prefix that isn't used by any other kernel log:
Following the example set by 20-ufw.conf, create a file under /etc/rsyslog.d/00-my_iptables.conf containing:
Putting the rule early (the file names in /etc/rsyslog.d are used in lexicographic order) and adding &stop causes these logs to go only to the specified location and not to the default location as well.
Rsyslog has to be restarted for the config changes to take place.
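One way to carry out the procedure in the answer above, as an added example that is not part of the original answer. The prefix `[my_iptables] `, the target `/var/log/iptables.log`, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. PREFIX, the log path and the sample lines are constructed.

# Print an rsyslog drop-in that sends messages containing PREFIX to LOGFILE
# and then stops processing, so they do not also reach /var/log/kern.log.
render_rule() {
    prefix=$1; logfile=$2
    # iptables accepts at most 29 characters for --log-prefix.
    [ "${#prefix}" -le 29 ] || { echo "prefix too long" >&2; return 1; }
    # A quote or backslash would break the rsyslog string literal.
    case $prefix in
        *'"'*|*'\'*) echo "bad character in prefix" >&2; return 1;;
    esac
    printf ':msg,contains,"%s" %s\n& stop\n' "$prefix" "$logfile"
}

# Write the drop-in. The 00- name sorts before the other files in
# rsyslog.d, so the rule runs before the default kernel-log rule.
install_rule() {
    conf=$(render_rule "$1" "$2") || return 1
    printf '%s\n' "$conf" > "${3:-/etc/rsyslog.d}/00-my_iptables.conf"
}

# Preview: of the kernel log lines on stdin, print those the filter diverts.
diverted() { grep -F -- "$1"; }

# Constructed kern.log lines: one from our rule, one from ufw, one unrelated.
sample_lines() {
    cat <<'EOF'
Aug 19 10:44:02 host kernel: [my_iptables] IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22
Aug 19 10:44:03 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=TCP DPT=23
Aug 19 10:44:05 host kernel: usb 1-1: new high-speed USB device number 2
EOF
}

# On a live system (as root; the restart command assumes systemd):
#   iptables -A INPUT -j LOG --log-prefix "[my_iptables] "
#   install_rule "[my_iptables] " /var/log/iptables.log
#   rsyslogd -N1 && systemctl restart rsyslog
```

Running `sample_lines | diverted "[my_iptables] "` shows that only the line carrying the chosen prefix would leave kern.log, which is why the prefix must not be shared with ufw or any other kernel message.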