Linux – How to configure syslog.conf file, to log iptables messages in a separate file

iptableslinuxsyslog

How can I configure /etc/syslog.conf file in order to save log information about iptables in a specific file.

I want to save these information separately, so I can extract what I want easily and rapidly.

Take a look in the man page for iptables. It shows a target called LOG which can do what you want.

Set the logging level for LOG to 4.

# DROP everything and Log it
iptables -A INPUT -j LOG --log-level 4
iptables -A INPUT -j DROP

Configure syslog.conf to write these messages to a separate file.
```
# /etc/syslog.conf
kern.warning     /var/log/iptables.log
```

Restart syslogd.

Debian/Ubuntu

$ sudo /etc/init.d/sysklogd restart

Fedora/CentOS/RHEL

$ sudo /etc/init.d/syslog restart

NOTE: This method of logging is called fixed priorities. They are either numbers or names (1,2,3,4,..) or (DEBUG, WARN, INFO, etc.).

If by chance you're using rsyslog, you can create a property based filter like so:

# /etc/rsyslog.conf
:msg, contains, "NETFILTER"       /var/log/iptables.log
:msg, contains, "NETFILTER"     ~

Then add thils switch to your iptables rules that you want to log:

–log-prefix NETFILTER

As an alternative you could also log the messages using this type of property filter:

:msg, startswith, "iptables: " -/var/log/iptables.log
& ~
:msg, regex, "^\[ *[0-9]*\.[0-9]*\] iptables: " -/var/log/iptables.log
& ~

NOTE: This 2nd method doesn't require any changes to iptables.