
    How to Enable Logging in Iptables on Linux

    By Rahul | January 12, 2015 | 2 Mins Read | Updated: September 26, 2019

    Enabling logging in iptables is helpful for monitoring the traffic coming to our server. This way we can also find the number of hits from any IP. This article will help you enable logging in iptables for all packets filtered by iptables.

    Enable Iptables LOG

    We can simply use the following command to enable logging in iptables.

    iptables -A INPUT -j LOG
    

    We can also define the source IP or range for which log entries will be created.

    iptables -A INPUT -s 192.168.10.0/24 -j LOG
    

    To define the level of the LOG messages generated by iptables, use --log-level followed by the level number.

    iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-level 4
    

    We can also add a prefix to the generated logs, so that it is easy to search for them in a huge file.

    iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-prefix '** SUSPECT **'
    

    View Iptables LOG

    After enabling iptables logging, check the following log files, depending on your operating system, to view the logs generated by iptables.

    On Ubuntu and Debian

    iptables logs are generated by the kernel, so check the following kernel log file.

    tail -f /var/log/kern.log
    

    On CentOS/RHEL and Fedora

    cat /var/log/messages
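
    As an added example (not part of the original article), the shell function below counts hits per source IP from log lines carrying the '** SUSPECT **' prefix set above. The names count_hits and sample_log and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise iptables LOG entries per source address.
# Output columns: hits, distinct destination ports, source IP.
# Usage: count_hits PREFIX [LOGFILE...]   (reads stdin when no file is given)
count_hits() {
    prefix=$1
    shift
    awk -v prefix="$prefix" '
        # index() is a literal substring test, so the "*" characters in
        # the prefix are not interpreted as a regular expression.
        index($0, prefix) == 0 { next }
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^\[SRC=/) break      # quoted inner header of an ICMP error
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "") next
            hits[src]++
            if (dpt != "" && !((src, dpt) in seen)) {
                seen[src, dpt] = 1
                ports[src]++
            }
        }
        END { for (ip in hits) printf "%d %d %s\n", hits[ip], ports[ip], ip }
    ' "$@" | sort -k1,1nr -k3,3
}

# Constructed sample in kern.log layout; not captured from a real host.
# The kernel appends "IN=" directly to the prefix, with no separating space.
sample_log() {
    cat <<'EOF'
Jan 12 10:15:01 web01 kernel: [ 101.000001] ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=22 SYN
Jan 12 10:15:02 web01 kernel: [ 102.000001] ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=51515 DPT=22 SYN
Jan 12 10:15:03 web01 kernel: [ 103.000001] ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=51516 DPT=80 SYN
Jan 12 10:15:04 web01 kernel: [ 104.000001] ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.9 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=40100 DPT=22 SYN
Jan 12 10:15:05 web01 kernel: [ 105.000001] ** SUSPECT **IN=eth0 OUT= SRC=192.168.10.9 DST=192.168.10.1 LEN=88 TTL=64 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.10.1 DST=192.168.10.9 LEN=60 TTL=64 PROTO=UDP SPT=53 DPT=40000 LEN=40 ]
Jan 12 10:15:06 web01 kernel: [ 106.000001] IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=33000 DPT=443 SYN
Jan 12 10:15:07 web01 kernel: [ 107.000001] eth0: link up
EOF
}

sample_log | count_hits '** SUSPECT **'
```

    On a real host, pass the log file instead of the sample, for example count_hits '** SUSPECT **' /var/log/kern.log.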
    

    Change Iptables LOG File Name

    To change the iptables log file name, edit the /etc/rsyslog.conf file and add the following configuration to it.

    vi /etc/rsyslog.conf
    

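    Add the following line. The kern.warning selector matches kernel messages at level 4 (warning) and more severe, which includes messages from rules logged with --log-level 4.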

    kern.warning /var/log/iptables.log
    

    Now, restart rsyslog service using the following command.

    service rsyslog restart
    
    6 Comments

    1. Bhushit on November 19, 2019 6:18 am

      Hi All,
      I want to log the NAT translations (source NAT) along with the timestamps. The info I want is:
      source IP(unnatted) source port dest IP dest port :: source IP(natted) source port dest IP dest port

      Please help me if it's possible.
    2. Zer00CooL on September 23, 2019 9:12 pm

      Change :
      tailf /var/log/kern.log
      by
      tail -f /var/log/kern.log

    3. Henrique on November 22, 2017 7:35 pm

      If you have difficulty logging packets alongside other rules, use 'iptables -I' instead of '-A'; this puts your logging rule at the top of the rules. Netfilter matches other rules and stops processing, but LOG is a non-blocking target, it's secure to put it in first place.
    4. Don on November 7, 2017 11:35 am

      Great post thank you

    5. NAME on April 23, 2016 10:46 pm

      Not very flexible, your solution.

      Better try this

      nano /etc/rsyslog.d/iptables.conf

      add this:
      ":msg,contains,"** SUSPECT **" /var/log/iptables.log
      &~

      "
      without the quotes ofc

      then

      service rsyslog restart

      done

      cheers

    6. Rob Freeman on March 18, 2016 9:14 pm

      Thanks for the information here. Just wanted to let you know, there is a typo on one line.

      vi /etc/syslog.conf

      This should be

      vi /etc/rsyslog.conf
