I have got iptables on my CentOS 7. My firewalld is disabled.
How can I log my iptables events? On Debian it is a dmesg option, but I don't know how to set it on CentOS.
I want to log all of my iptables events, not a specific rule.
Best Answer
When a packet matches an iptables ... -j LOG rule, a kernel log message is generated. You can specify the severity level of the message using the --log-level <level> option, where the <level> can be one of the standard syslog level identifiers: emerg, alert, crit, error, warning, notice, info or debug.

These log messages are processed by rsyslog: if the severity level is low enough, rsyslog may completely discard the messages. Since the iptables log messages come from the kernel, their logging category will always be kern. So look into /etc/rsyslog.conf to see which is the minimum severity level for kern.* messages to be acted on, and which log file they will be stored into. Then set an appropriate severity level to your iptables -j LOG rules.

Or use the iptables ... -j LOG --log-prefix <prefix> option to add an identifiable prefix to iptables messages, and then use the advanced features of rsyslog to write the iptables messages into a separate log file.
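
The prefix approach from the answer above, as an added example that is not part of the original answer: one LOG rule at the top of each built-in filter chain, plus an rsyslog filter that files the prefixed messages separately. The prefix, level, log file and drop-in file name are assumed values; by default the script only prints what it would do.

```shell
#!/bin/sh
# Added example (not from the original answer). PREFIX, LEVEL, LOGFILE and
# the drop-in file name are assumptions; adjust them to your system.
PREFIX="${PREFIX:-IPT-LOG: }"
LEVEL="${LEVEL:-info}"
LOGFILE="${LOGFILE:-/var/log/iptables.log}"

# Insert a LOG rule as rule 1 of INPUT, FORWARD and OUTPUT, so every packet
# is logged before an ACCEPT/DROP rule decides it. LOG is non-terminating:
# the packet continues to the next rule after being logged.
# With RUN=echo the commands are printed instead of executed.
apply_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        $RUN iptables -I "$chain" 1 -j LOG \
            --log-level "$LEVEL" --log-prefix "$PREFIX"
    done
}

# rsyslog property filter: match the prefix anywhere in the message, write
# it to LOGFILE, then stop so the generic rules do not store it again.
rsyslog_dropin() {
    printf ':msg, contains, "%s" %s\n& stop\n' "$PREFIX" "$LOGFILE"
}

# --log-prefix is limited to 29 characters.
check_prefix() {
    [ "${#PREFIX}" -le 29 ]
}

if [ "${APPLY:-0}" = 1 ]; then          # real run, needs root
    check_prefix || { echo "prefix exceeds 29 characters" >&2; exit 1; }
    apply_rules
    rsyslog_dropin > /etc/rsyslog.d/10-iptables.conf
    systemctl restart rsyslog
else                                     # dry run: show what would be done
    RUN=echo apply_rules
    rsyslog_dropin
fi
```

Logging every packet on a busy host produces a large volume of kernel messages, so check disk usage and log rotation for the chosen log file.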