How to Enable Logging in Iptables on Linux

Enabling logging in iptables is helpful for monitoring traffic coming to our server. This way we can also find the number of hits from any IP. This article will help you enable logging in iptables for all packets filtered by iptables.

Enable Iptables LOG

We can simply use the following command to enable logging in iptables.

$ iptables -A INPUT -j LOG

We can also define the source IP or range for which logs will be created.

$ iptables -A INPUT -s 192.168.10.0/24 -j LOG

To define the level of the LOG messages generated by iptables, use --log-level followed by the level number.

$ iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-level 4

We can also add a prefix to the generated logs, so it will be easy to search for them in a huge file.

$ iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-prefix '** SUSPECT **'

View Iptables LOG

After enabling iptables logging, check the following log files to view the logs generated by iptables, as per your operating system.

On Ubuntu and Debian

iptables logs are generated by the kernel, so check the following kernel log file.

$ tail -f /var/log/kern.log

On CentOS/RHEL and Fedora

# cat /var/log/messages
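
To get the number of hits per source IP mentioned at the start, the logged lines can be filtered by the prefix and tallied. The script below is an added example, not part of the original article; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# count_hits PREFIX [FILE...]
# Print "<count> <source-ip>" for each source seen in log lines that carry
# PREFIX, busiest source first. Reads stdin when no FILE is given.
count_hits() {
    prefix=$1
    shift
    # -F matches the prefix as a fixed string ('*' is a regex metacharacter);
    # '--' keeps a prefix that starts with '-' from being read as an option.
    grep -F -- "$prefix" "$@" |
        awk '{
            # The LOG target writes KEY=value fields; take the first SRC=.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { hits[substr($i, 5)]++; break }
        }
        END { for (ip in hits) print hits[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Constructed sample lines in the shape the LOG target writes to the kernel
# log. The prefix is emitted directly before IN=, so '** SUSPECT **' (no
# trailing space) runs straight into it. The last line has no prefix.
sample_log() {
    cat <<'EOF'
Jan 12 10:15:01 web1 kernel: [ 101.000001] ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=51234 DPT=22 SYN
Jan 12 10:15:02 web1 kernel: [ 102.000001] ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.7 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=40022 DPT=80 SYN
Jan 12 10:15:03 web1 kernel: [ 103.000001] ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=51235 DPT=22 SYN
Jan 12 10:15:04 web1 kernel: [ 104.000001] ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.5 DST=192.168.10.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Jan 12 10:15:05 web1 kernel: [ 105.000001] IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=33000 DPT=443 SYN
EOF
}

# Demo on the sample; on a real host pass /var/log/kern.log or /var/log/messages.
sample_log | count_hits '** SUSPECT **'
```

Ending the prefix with a space (for example '** SUSPECT ** ') keeps it from running into the IN= field in the log line.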

Change Iptables LOG File Name

To change the iptables log file name, edit the /etc/rsyslog.conf file and add the following configuration.

# vi /etc/rsyslog.conf

Add the following line

kern.warning /var/log/iptables.log

Now restart the rsyslog service using the following command.

$ service rsyslog restart
 