Enabling logging on iptables is helpful for monitoring traffic coming to our server. This we can also find the number of hits done from any IP. This article will help enable logging in iptables for all packets filtered by iptables.
Enable Iptables LOG
We can simply use following command to enable logging in iptables.
iptables -A INPUT -j LOG
We can also define the source ip or range for which log will be created.
iptables -A INPUT -s 192.168.10.0/24 -j LOG
To define level of LOG generated by iptables us –log-level followed by level number.
iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-level 4
We can also add some prefix in generated Logs, So it will be easy to search for logs in a huge file.
iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-prefix '** SUSPECT **'
View Iptables LOG
After enabling iptables logs. check following log files to view logs generated by iptables as per your operating system.
On Ubuntu and Debian
iptables logs are generated by the kernel. So check following kernel log file.
tail -f /var/log/kern.log
On CentOS/RHEL and Fedora
Change Iptables LOG File Name
To change iptables log file name edit /etc/rsyslog.conf file and add following configuration in file.
Add the following line
Now, restart rsyslog service using the following command.
service rsyslog restart