iptables logging

Posted June 7, 2014

Hi, I have CentOS 6.5 64-bit running with these iptables rules. I would like to log all the dropped packets on the INPUT chain to a separate log file for review. Please guide me on how to do that. Thanks.

# Generated by iptables-save v1.4.7 on Sat Jun 7 00:56:05 2014
*filter
:INPUT DROP [2:120]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [119:11746]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3847 -j ACCEPT
-A INPUT -d x.x.x.x/32 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jun 7 00:56:05 2014

1 answer
Using iptables alone, there is no way to log to a separate file. Though, you can set a prefix that will be appended to the log message. That way you can search for it much more easily. You can do something like:

iptables -A INPUT -j LOG --log-prefix='[iptables] '

You might want to look into something like rsyslog which can filter things into a separate log file based on the prefix:
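
A minimal rsyslog rule of the kind described above, as an added example that is not part of the original answer. The file name /etc/rsyslog.d/iptables.conf and the target /var/log/iptables.log are assumptions, and the syntax is the legacy form understood by the rsyslog 5.x shipped with CentOS 6.

```conf
# /etc/rsyslog.d/iptables.conf  (assumed file name; added example)
#
# Assumes the LOG rule from the answer is in place, so every kernel
# message for a packet about to hit the INPUT DROP policy carries the
# "[iptables] " prefix.

# Property-based filter: write any message whose text contains the
# prefix to a dedicated file (assumed path).
:msg, contains, "[iptables] " /var/log/iptables.log

# Discard the message after writing it so it is not duplicated in
# /var/log/messages. "& ~" is the rsyslog 5.x form; newer rsyslog
# releases use "& stop" instead.
& ~
```

Restart rsyslog after adding the file (`service rsyslog restart` on CentOS 6) and add the new log file to logrotate so a burst of dropped packets cannot fill the disk.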