Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»Linux Tutorials»Enabling Logging in Iptables on Linux: A Beginner’s Guide

    Enabling Logging in Iptables on Linux: A Beginner’s Guide

    By RahulJanuary 27, 20234 Mins Read

    Iptables is a powerful firewall tool that is commonly used on Linux systems to control incoming and outgoing network traffic. One of the most important features of iptables is its ability to log network activity, which can be used to troubleshoot issues and monitor security. However, many beginners may find the process of enabling logging in iptables confusing or overwhelming.

    Advertisement

    Before we begin, it is important to note that iptables logging is only available in kernel 2.4.x and later versions. Also, you need to have root access to your Linux system to perform the steps outlined in this guide.

    This guide aims to provide a clear and easy-to-follow introduction to iptables logging for beginners.

    Step 1: Check the Current Iptables Rules

    Before we begin, it is important to know the current iptables rules that are in place on your system. To do this, enter the following command in the terminal:

    sudo iptables -L 
    

    This command will show you the current iptables rules, including any rules for logging.

    Step 2: Enable Logging in Iptables

    To enable logging into iptables, we need to add a new rule to the iptables configuration. This can be done using the following command:

    sudo iptables -A INPUT -j LOG 
    

    This command adds a new rule that logs all incoming traffic. If you want to log only specific types of traffic, you can use the -p option to specify the protocol, such as TCP or UDP, and the -s option to specify the source IP address.

    sudo iptables -A INPUT -p TCP -s 192.168.10.0/24 -j LOG 
    

    To define the level of LOG generated by iptables use --log-level followed by the level number.

    sudo iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-level 4 
    

    We can also add some prefixes in generated Logs, So it will be easy to search for logs in a huge file.

    sudo iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-prefix '** SUSPECT **' 
    

    Step 3: Configure Syslog

    By default, iptables logs are sent to the kernel’s message buffer. To view these logs, you need to configure syslog to read the message buffer and write the logs to a file. This can be done by editing the syslog configuration file, typically located at /etc/syslog.conf or /etc/rsyslog.conf.

    You will need to add the following line to the syslog configuration file to enable iptables logging:

    1
    kern.* /var/log/iptables.log

    Step 4: Verify Logging

    To verify that logging has been enabled and configured correctly, enter the following command in the terminal:

    sudo tail -f /var/log/iptables.log 
    

    This command will display the last few lines of the iptables log file and will continue to display new lines as they are added to the file.

    You can also use log analyzers like logwatch, and iptables-log-parser to get more insights from the logs.

    Step 5: Disable Logging

    If you no longer wish to log iptables traffic, you can disable logging by removing the rule that was added in step 2. This can be done using the following command:

    sudo iptables -D INPUT -j LOG 
    

    Conclusion

    Enabling logging in iptables on a Linux system is an important step in monitoring and securing your network. By following the steps outlined in this guide, you should now have a basic understanding of how to enable logging in iptables and how to use logs to troubleshoot issues and improve security. Remember that logging in iptables is just one aspect of network security, and it’s important to keep your system updated, use strong passwords and be aware of other vulnerabilities in your network. Keep in mind that logging is a continuous process and you need to monitor it regularly to keep your system secure.

    firewall iptables logging
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    An Introduction to the “./configure” Command: Compiling Source Code in Linux

    Getting Started with Linux Command line: The Beginning

    Backing Up Your Linux System with Rsync: A Step-by-Step Guide

    View 7 Comments

    7 Comments

    1. Jay McLean on January 27, 2023 3:37 pm

      Rob, ironically funny that you’ve misspelled typo. Yea, it was a typo, however, this did the trick for me, so all’s well that ends well.

      Reply
    2. Bhushit on November 19, 2019 6:18 am

      Hi All,
      I want to log the NAT translations(source NAT) along with the timestamps, Info I want is:
      source IP(unnatted) source port dest IP dest port :: source IP(natted) source port dest IP dest port

      Please help me if its possible.

      Reply
    3. Zer00CooL on September 23, 2019 9:12 pm

      Change :
      tailf /var/log/kern.log
      by
      tail -f /var/log/kern.log

      Reply
    4. Henrique on November 22, 2017 7:35 pm

      If you have dificulty to log packets with anothers rules, use ‘iptables -I’ instead of ‘-A’, this put your logging rule at top of rules. Netfilter matches others rules and stop processing, but LOG is a non-blocking target, it’s secure to put in first place.

      Reply
    5. Don on November 7, 2017 11:35 am

      Great post thank you

      Reply
    6. NAME on April 23, 2016 10:46 pm

      Not very flexible youre solution.

      Better try this

      nano /etc/rsyslog.d/iptables.conf

      add this:
      “:msg,contains,”** SUSPECT **” /var/log/iptables.log
      &~

      ”
      without the quotes ofc

      then

      service rsyslog restart

      done

      cheers

      Reply
    7. Rob Freeman on March 18, 2016 9:14 pm

      Thanks for the information here. Just wanted to let you know, there is a type on one line.

      vi /etc/syslog.conf

      This should be

      vi /etc/rsyslog.conf

      Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • How to Split Large Archives in Linux using the Command Line
    • System.out.println() Method in Java: A Beginner’s Guide
    • Split Command in Linux With Examples (Split Large Files)
    • Test Your Internet Speed from the Linux Terminal
    • 11 Practical Example of cat Command in Linux
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.