How to log iptables messages in a different log file

Follow below link to send your log messages to remote server using tcp or udp ports

How to send log messages using rsyslog to remote server using tcp and udp ports (remote logging) in Red Hat Linux

Generally all the info to error level messages are logged inside /var/log/messages but it makes hard to differentiate between long list of logs inside messages.

To separate the iptables related logs in different file follow the following procedure
NOTE: For RHEL 6 file name will be rsyslog.conf

To log all the iptables related messages

# vi /etc/syslog.conf
# Log all kernel messages to firewall.log.     
kern.*                                                          /var/log/frewall.log
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# Don't log kernel related any messages
*.info;mail.none;authpriv.none;cron.none;kern.none                /var/log/messages

To log only warning level iptables messages

# Log all kernel messages to firewall.log.
kern.warn                                                 /var/log/frewall-warn.log

To log all the messages for info level to error level

kern.info;kern.!crit          /var/log/firewall.log

To log the messages as per their severity level in different files

kern.*                       /var/log/iptables.log
kern.crit                    /var/log/iptables-crit.log
kern.info                    /var/log/iptables-info.log

For more information on severity levels of syslog follow the below link
SYSLOG Tutorial

Once done restart the syslog services
For RHEL 6

# service rsyslog restart

For RHEL 5 or older

# service syslog restart

For example
Q. Create a rule to monitor the ping logs from 192.168.1.10 to the localhost

# iptables -I INPUT -s 192.168.1.10 -p icmp -j LOG --log-prefix "PING TEST "

Now let us verify it in our log file

Try to ping from 192.168.1.10 and observe the log file

# cat /var/log/iptables.log
Mar  6 11:22:36 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1037 SEQ=2
Mar  6 11:23:03 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3341 SEQ=1
Mar  6 11:23:04 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3341 SEQ=2

Learn how to use iptables in simple steps with examples using below links
Basic iptables tutorial I
Basic iptables tutorial II

Leave a Comment Cancel reply