Article Reference

Article ID: 6053
Last update: 08-19-05
Issue:
How can I log the iptables messages to a different log file?
Resolution:

In this example, we will create a new logfile within the /var/log directory called iptables.

Make a backup of /etc/syslog.conf before making any changes to it.

# cp /etc/syslog.conf /etc/syslog.conf.bak

Edit /etc/syslog.conf with an editor such as vi and add the lines:

# comment iptables log
kern.warning			/var/log/iptables 

Make sure the iptables rule is logging at the appropriate level.

This can be done by using the --log-level switch. The default log level is warning.

This example will log ssh attempts:

# iptables -I INPUT -p tcp --dport 22 -j LOG --log-level 4

Log levels can be found using the command:

$ man syslog.conf
Log Levels
0		emerg or panic
1		alert
2		crit
3		err or error
4		warn or warning 

Note: Consider adding a prefix to your iptables rule. This makes it easier to separate the firewall messages from the few random messages that the kernel puts out.

This example will log ping and add the prefix "#### Firewall ####".

# iptables -I INPUT -p icmp --icmp-type ping -j LOG --log-prefix ' #### Firewall #### '

See additional Knowledgebase articles on how to set up iptables logging with a prefix.
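
The prefix note above, as an added example that is not part of the original article: a shell function that keeps only the log lines carrying the prefix and counts them per source address and protocol. The sample log lines, the host name fw1 and the addresses are constructed, and the function names sample_log and firewall_summary are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): summarise prefixed iptables LOG lines.

PREFIX='#### Firewall ####'   # the --log-prefix text used in the article

# Constructed sample of /var/log/iptables. Host "fw1" is made up and the
# addresses come from the RFC 5737 documentation ranges.
sample_log() {
cat <<'EOF'
Aug 19 10:15:01 fw1 kernel:  #### Firewall #### IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4711 SEQ=1
Aug 19 10:15:02 fw1 kernel:  #### Firewall #### IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4711 SEQ=2
Aug 19 10:15:09 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5120 DF PROTO=TCP SPT=40112 DPT=22 SYN
Aug 19 10:15:30 fw1 kernel: eth0: link is down
Aug 19 10:16:44 fw1 kernel:  #### Firewall #### IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=9001 SEQ=1
EOF
}

# firewall_summary PREFIX
# Reads a log on stdin, keeps only lines that contain PREFIX, and prints
# "count source-address protocol", highest count first.
firewall_summary() {
    awk -v p="$1" '
        index($0, p) {                      # literal match, no regex surprises
            src = proto = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            n[src " " proto]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# The unprefixed ssh LOG line and the link message are both skipped.
sample_log | firewall_summary "$PREFIX"
```

On a live system the same function reads the file created above: firewall_summary "$PREFIX" < /var/log/iptables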

