
  • How to log iptables messages in a different log file



    Generally all messages from info level up to error level are logged inside /var/log/messages, which makes it hard to pick the iptables entries out of the long list of logs in that file.

    To separate the iptables related logs into a different file, follow the procedure below.
    NOTE: On RHEL 6 the file name is /etc/rsyslog.conf

    To log all the iptables related messages
    # vi /etc/syslog.conf
    # Log all kernel messages to firewall.log.
    kern.*                                                          /var/log/firewall.log
    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    # Don't log any kernel related messages
    *.info;mail.none;authpriv.none;cron.none;kern.none                /var/log/messages

    To log only warning level iptables messages
    # Log all kernel messages of level warning and above to firewall-warn.log.
    kern.warn                                                 /var/log/firewall-warn.log

    To log all messages from info level up to error level (crit and above are excluded by the ! selector)
    kern.info;kern.!crit          /var/log/firewall.log
    To log messages into different files according to their severity level
    kern.*                       /var/log/iptables.log
    kern.crit                    /var/log/iptables-crit.log
    kern.info                    /var/log/iptables-info.log

    For more information on syslog severity levels, follow the link below
    SYSLOG Tutorial

    Once done, restart the syslog service
    For RHEL 6
    # service rsyslog restart
    For RHEL 5 or older
    # service syslog restart

    For example
    Q. Create a rule to monitor the ping logs from 192.168.1.10 to the localhost
    # iptables -I INPUT -s 192.168.1.10 -p icmp -j LOG --log-prefix "PING TEST "
    Now let us verify it in our log file



    Try to ping from 192.168.1.10 and observe the log file
    # cat /var/log/iptables.log
    Mar  6 11:22:36 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1037 SEQ=2
    Mar  6 11:23:03 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3341 SEQ=1
    Mar  6 11:23:04 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3341 SEQ=2
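    Once kern.* lands in its own file, the LOG target's key=value layout shown above is easy to parse. The following is an added example (not part of the original post) that parses such lines and counts packets per source, destination and protocol for a given --log-prefix; the sample lines are constructed to match the format above, and ordinary kernel messages that also arrive under kern.* are skipped.

```python
import re
from collections import Counter

# Constructed sample log lines (not captured from a real host), in the shape the
# iptables LOG target produces once syslog writes kern.* to /var/log/iptables.log.
SAMPLE_LOG = """\
Mar  6 11:22:36 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1037 SEQ=2
Mar  6 11:23:03 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3341 SEQ=1
Mar  6 11:23:04 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3341 SEQ=2
Mar  6 11:25:10 test1 kernel: e1000: eth3 NIC Link is Up 1000 Mbps Full Duplex
"""

# kern.* also carries ordinary kernel messages, so only lines that contain the
# netfilter "IN=" field are treated as firewall records.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<prefix>.*?)IN=(?P<rest>.*)$")

def parse_iptables_line(line):
    """Return a dict of fields for one LOG-target line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "prefix": m.group("prefix").strip(), "flags": []}
    for tok in ("IN=" + m.group("rest")).split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            # ID= appears twice (IP header ID, then ICMP echo ID): keep the first
            # and file the second under its own name so nothing is silently overwritten.
            if key in rec:
                key = "ICMP_" + key
            rec[key] = value
        else:
            rec["flags"].append(tok)   # bare tokens such as DF or SYN
    return rec

def count_by_source(text, prefix):
    """Count records carrying the given --log-prefix, keyed by (SRC, DST, PROTO)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_iptables_line(line)
        if rec and rec["prefix"] == prefix:
            counts[(rec["SRC"], rec["DST"], rec["PROTO"])] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, proto), n in count_by_source(SAMPLE_LOG, "PING TEST").items():
        print("%s -> %s %s: %d packets" % (src, dst, proto, n))
```

    On a live system, replace SAMPLE_LOG with the contents of /var/log/iptables.log; the prefix argument is whatever string was given to --log-prefix.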


    Learn how to use iptables in simple steps with examples using the links below
    Basic iptables tutorial I
    Basic iptables tutorial II

    Deepak Prasad

    is a techie and an author who is still trying to survive in this IT generation with the very little knowledge he has of Linux/Unix, VMware, SAN storage, automation, networking etc.



    Reviewed by Deepak Prasad on Thursday, January 30, 2014
