By: francly

iptables logging

June 7, 2014
Hi, I have CentOS 6.5 64-bit running with this iptables rule set. I would like to log all the dropped packets on the INPUT chain to a separate log file to review; please guide me on how to do that. Thanks.

# Generated by iptables-save v1.4.7 on Sat Jun 7 00:56:05 2014
*filter
:INPUT DROP [2:120]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [119:11746]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3847 -j ACCEPT
-A INPUT -d x.x.x.x/32 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jun 7 00:56:05 2014

1 Answer
Using iptables alone, there is no way to log to a separate file. Though, you can set a prefix that will be appended to the log message. That way you can search for it much easier. You can do something like:


iptables -A INPUT -j LOG --log-prefix='[iptables] '


You might want to look into something like rsyslog which can filter things into a separate log file based on the prefix:

http://www.rsyslog.com/
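The following script is an added example, not part of the answer above or of the iptables or rsyslog projects. It puts the two halves of the answer together for the poster's CentOS 6.5 box (iptables 1.4.x, rsyslog 5): a rate-limited LOG rule appended last on INPUT, where it sees exactly the packets the DROP policy is about to discard, and a legacy-syntax rsyslog filter that sends messages carrying the prefix to their own file. It also includes a small awk review function that tallies the logged drops by source, protocol and destination port. The file names /etc/rsyslog.d/iptables.conf and /var/log/iptables.log and the sample log lines are hypothetical and constructed here; the IP addresses are documentation ranges.

```shell
#!/bin/sh
# Added example (not from the original question or answer). Assumes CentOS 6
# with iptables 1.4.x and rsyslog 5, and an INPUT chain whose policy is already
# DROP. Usage as root:  ./iptables-log.sh apply   installs rule + rsyslog filter
#                       ./iptables-log.sh review  summarises the drop log
# With no argument the file only defines functions.

LOG_PREFIX='[iptables] '                      # must match the rsyslog filter below
RSYSLOG_CONF=/etc/rsyslog.d/iptables.conf      # hypothetical file name
LOG_FILE=/var/log/iptables.log                 # hypothetical file name

# Append a rate-limited LOG rule at the end of INPUT. LOG is a non-terminating
# target, so the packet continues to the chain policy (DROP) afterwards. The
# limit keeps a flood of unwanted packets from filling the disk: packets over
# the limit are still dropped, just not logged.
add_log_rule() {
    iptables -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "$LOG_PREFIX" --log-level 4
}

# rsyslog 5 legacy filter: messages containing the prefix go to their own file
# (the leading "-" means asynchronous writes), and "& ~" then discards them so
# they do not also land in /var/log/messages. On CentOS 6, /etc/rsyslog.d/*.conf
# is included before the default rules, so this filter is evaluated first.
rsyslog_filter() {
    printf ':msg, contains, "%s" -%s\n& ~\n' "$LOG_PREFIX" "$LOG_FILE"
}

# Review helper: read kernel LOG lines on stdin and count them per
# "SRC PROTO DPT", most frequent first. Non-matching lines are ignored.
summarize_drops() {
    awk '
        /\[iptables\] / {
            src = ""; dpt = "-"; proto = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (src != "") count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample of what rsyslog writes to the log file (not real traffic).
sample_log() {
    printf '%s\n' \
      'Jun  7 01:02:03 mail kernel: [iptables] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1 DF PROTO=TCP SPT=44123 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0' \
      'Jun  7 01:02:04 mail sshd[1234]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2' \
      'Jun  7 01:02:05 mail kernel: [iptables] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=2 DF PROTO=TCP SPT=44124 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0' \
      'Jun  7 01:02:06 mail kernel: [iptables] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.9 DST=203.0.113.5 LEN=76 TOS=0x00 PREC=0x00 TTL=49 ID=3 PROTO=UDP SPT=123 DPT=123 LEN=56'
}

case "${1:-}" in
    apply)
        add_log_rule
        rsyslog_filter > "$RSYSLOG_CONF"
        service rsyslog restart
        service iptables save      # persist the rule in /etc/sysconfig/iptables
        ;;
    review)
        summarize_drops < "$LOG_FILE"
        ;;
esac
```

Running `sample_log | summarize_drops` prints `2 198.51.100.7 TCP 22` followed by `1 203.0.113.9 UDP 123`; the sshd line is skipped because it lacks the prefix. Because the LOG rule sits after every ACCEPT rule, only traffic the policy would drop anyway is logged, so the rule changes what is recorded, not what is allowed.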