CentOS – Log iptables events on CentOS 7

centos, dmesg, iptables, logs

I have got iptables on my CentOS 7. My firewalld is disabled.
How can I log my iptables events? On Debian it is a dmesg option, but I don't know how to set it on CentOS.

I want to log all of my iptables events, not a specific rule.

Best Answer

When a packet matches an iptables ... -j LOG rule, a kernel log message is generated. You can specify the severity level of the message using the --log-level <level> option, where the <level> can be one of the standard syslog level identifiers: emerg, alert, crit, error, warning, notice, info or debug.

These log messages are processed by rsyslog: if the severity level is low enough, rsyslog may completely discard the messages. Since the iptables log messages come from the kernel, their logging category will always be kern. So look into /etc/rsyslog.conf to see which is the minimum severity level for kern.* messages to be acted on, and in which log file they will be stored. Then set an appropriate severity level to your iptables -j LOG rules.

Or use the iptables ... -j LOG --log-prefix <prefix> option to add an identifiable prefix to iptables messages, and then use the advanced features of rsyslog to write the iptables messages into a separate log file.
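The two steps the answer describes (a LOG rule with a prefix and a severity level, then an rsyslog rule that routes the prefixed messages to their own file), as an added example that is not part of the original answer. The prefix IPT-, the file paths, the function names and the rate limit are assumptions; run without arguments, the script only prints what it would install.

```shell
#!/bin/sh
# Added example. PREFIX, LOGFILE, DROPIN and the function names are assumed, not from the page.
PREFIX="IPT-"                              # marker rsyslog filters on
LOGFILE="/var/log/iptables.log"            # assumed destination file
DROPIN="/etc/rsyslog.d/10-iptables.conf"   # assumed drop-in name

# Print one LOG rule per built-in filter chain. Each rule is inserted at
# position 1 so it sees packets before any ACCEPT/DROP rule decides them.
# The limit match caps log volume so a flood cannot fill the disk; remove
# it to log every packet. The prefix stays under the 29-character maximum.
log_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        printf 'iptables -I %s 1 -m limit --limit 10/second --limit-burst 20 -j LOG --log-prefix "%s%s: " --log-level info\n' \
            "$chain" "$PREFIX" "$chain"
    done
}

# Print the rsyslog drop-in: write messages containing the prefix to their
# own file, then stop processing so they are not also written elsewhere.
rsyslog_dropin() {
    printf ':msg, contains, "%s" %s\n' "$PREFIX" "$LOGFILE"
    printf '& stop\n'
}

# Install both parts. Rules added this way are lost on reboot unless saved
# by whatever mechanism the host uses to persist iptables rules.
apply_all() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    rsyslog_dropin > "$DROPIN"
    systemctl restart rsyslog
    log_rules | sh
}

case "${1:-}" in
    apply) apply_all ;;
    *)     log_rules; rsyslog_dropin ;;    # dry run: show, change nothing
esac
```

After applying, `iptables -L -n -v --line-numbers` shows the LOG rules with their packet counters, and matching packets appear in the assumed log file with the chain name in the prefix.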
