Hi, I have centos 6.5 64bit running with this iptables rule, I would to logging all the drop packet on the input chain to a separate log file to review, please guide me how to do that, thanks
*filter :INPUT DROP [2:120] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [119:11746] -A INPUT -i lo -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT -A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m tcp --dport 3847 -j ACCEPT -A INPUT -d x.x.x.x/32 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT COMMIT
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Using iptables alone, there is no way to log to a separate file. Though, you can set a prefix that will be appended to the log message. That way you can search for it much easier. You can do something like: <br> <br><pre> <br>iptables -A INPUT -j LOG --log-prefix='[iptables] ’ <br></pre> <br> <br>You might want to look into something like rsyslog which can filter things into a separate log file based on the prefix: <br> <br>http://www.rsyslog.com/