How to Enable Iptables Logging on Linux

Enabling logging on Iptables aids in tracking traffic to our server. We can also use this to estimate the number of hits generated by any IP address. This article will show you how to enable logging for all packets filtered by Iptables.

Enable Iptables Logging

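To enable iptables logging, run the following command. It appends a LOG rule to the end of the INPUT chain, so it only logs packets that no earlier rule has already accepted or dropped.

iptables -A INPUT -j LOG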

We can also define the IP address or range from which the log will be generated.

iptables -A INPUT -s 192.168.10.0/24 -j LOG

Use --log-level followed by a number to set the syslog level of the log entries that iptables generates.

iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-level 4

We can also add a prefix to the generated logs to make it easier to find logs in a big file.

iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-prefix '** SUSPECT **'

Check Iptables Log

After enabling logging, check the logs generated by iptables in the following log files, depending on your operating system.

Check logs On Ubuntu and Debian

The kernel generates the iptables logs. As a result, take a look at the kernel log file below.

tail -f /var/log/kern.log

Check Logs on CentOS/RHEL and Fedora

cat /var/log/messages
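
The introduction mentions estimating the number of hits per IP address, and the prefix exists to make entries easy to find; the script below is an added example, not part of the original article, that counts prefixed LOG entries per source address. The log lines are constructed samples, and the function names sample_log, count_hits and hits_for are hypothetical.

```shell
#!/bin/sh
# Added example: count prefixed iptables LOG entries per source address.

# Constructed sample of kernel log lines (not real traffic). The LOG target
# writes the prefix immediately before "IN=", with no space in between.
sample_log() {
cat <<'EOF'
Jan 12 10:01:02 fw kernel: [  101.100000] ** SUSPECT **IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Jan 12 10:01:03 fw kernel: [  102.200000] ** SUSPECT **IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
Jan 12 10:01:04 fw kernel: [  103.300000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
Jan 12 10:01:05 fw kernel: [  104.400000] ** SUSPECT **IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=192.168.10.7 DST=192.168.10.1 LEN=84 TTL=64 ID=3 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Jan 12 10:01:06 fw kernel: [  105.500000] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=192.168.10.9 DST=192.168.10.1 LEN=60 TTL=64 ID=4 DF PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
Jan 12 10:01:07 fw kernel: [  106.600000] ** SUSPECT **IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TTL=64 ID=5 DF PROTO=TCP SPT=40003 DPT=22 SYN URGP=0
EOF
}

# count_hits PREFIX [FILE...]: print "COUNT SRC" for every source address in
# entries carrying PREFIX, busiest first. Reads stdin when no FILE is given.
count_hits() {
    prefix=$1
    shift
    # grep -F matches the prefix literally, so its '*' characters are not a regex.
    grep -F -- "$prefix" "$@" |
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { hits[substr($i, 5)]++; break }
    }
    END { for (ip in hits) print hits[ip], ip }' |
    sort -k1,1nr -k2,2
}

# hits_for PREFIX IP [FILE...]: print the number of prefixed entries from one address.
hits_for() {
    prefix=$1 ip=$2
    shift 2
    count_hits "$prefix" "$@" |
    awk -v ip="$ip" '$2 == ip { n = $1 } END { print n + 0 }'
}

# Run against the constructed sample.
sample_log | count_hits '** SUSPECT **'
```

On a live system, pass the log file instead of the sample, for example count_hits '** SUSPECT **' /var/log/kern.log.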

Change the name of the Iptables LOG file

To change the name of the iptables log file, edit the /etc/rsyslog.conf file and apply the following configuration.

vi /etc/rsyslog.conf

Insert the following line:

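kern.warning /var/log/iptables.log

This selector writes all kernel messages of level warning (4) and above to the file, not only those generated by iptables.

Now, use the following command to restart the rsyslog service.

service rsyslog restart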