Enabling logging on iptables is useful for observing traffic coming to our server. This way we can also find out the number of hits made from any IP. This article will help you enable logging in iptables. Previously we learned how easy it is to install and use iptables on CentOS; you can get that basic information in my previous tutorial.
Enable Iptables LOG
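We can simply use the following command to enable logging in iptables.
$ iptables -A INPUT -j LOG
Because -A appends the rule to the end of the INPUT chain, only packets that reach that point without being accepted or dropped by an earlier rule are logged.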
We can also define the source IP or range for which logs will be created.
$ iptables -A INPUT -s 192.168.10.0/24 -j LOG
To define the level of the LOG entries generated by iptables, use --log-level followed by the level number. Level 4 corresponds to the syslog warning priority.
$ iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-level 4
We can also add a prefix to the generated logs, so it will be easy to search for them in a huge file.
$ iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-prefix '** SUSPECT **'
View Iptables LOG
After enabling iptables logs, you can check the following log files to view logs generated by iptables as per your operating system.
On Ubuntu and Debian
iptables logs are generated by the kernel, so check the following kernel log file.
$ tail -f /var/log/kern.log
On CentOS/RHEL and Fedora
# cat /var/log/messages
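Counting hits per source IP from the prefixed log lines, as an added example that is not part of the original article. The function names and the sample log lines are constructed for illustration; the prefix is the one used with --log-prefix above.

```shell
#!/bin/sh
# Added example: count logged packets per source IP for one --log-prefix.
PREFIX='** SUSPECT **'   # must match the string given to --log-prefix

# count_hits: read log lines on stdin, print "<count> <source-ip>",
# highest count first.
count_hits() {
    # -F: fixed-string match, so the asterisks are not treated as a regex.
    grep -F -- "$PREFIX" |
    awk '{
        # The kernel writes the prefix directly before IN=, and SRC= is
        # a separate field; take the first SRC= on the line.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { hits[substr($i, 5)]++; break }
    }
    END { for (ip in hits) print hits[ip], ip }' |
    sort -k1,1nr -k2,2
}

# Constructed sample lines in the kernel LOG format (not real traffic).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 web1 kernel: ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=22 SYN
Mar  3 10:15:02 web1 kernel: ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.77 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=51510 DPT=80 SYN
Mar  3 10:15:03 web1 kernel: ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=22 SYN
Mar  3 10:15:04 web1 kernel: OTHER: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.10.1 LEN=60 TTL=64 PROTO=UDP SPT=5353 DPT=53
Mar  3 10:15:05 web1 sshd[812]: Connection closed by 192.168.10.5 port 40002
Mar  3 10:15:06 web1 kernel: ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=40003 DPT=22 SYN
EOF
}

sample_log | count_hits
# On a live system: count_hits < /var/log/kern.log   (or /var/log/messages)
```

Lines logged by other rules or other daemons are ignored because only lines containing the exact prefix are counted.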
Change Iptables LOG File Name
To change the iptables log file name, edit the /etc/rsyslog.conf file and add the following configuration to it.
kern.warning /var/log/iptables.log
Finally, restart the rsyslog service using the following command.
$ service rsyslog restart