CentOS and iptables Logging

Tags: centos, centos6, firewall, iptables, logging

I am working with some CentOS rules and would like to be able to log the dropped items from iptables out to a separate file. What is the best way to set up CentOS to log dropped iptables matches to a log file under /var/log that is not the messages file?

If it matters, I am using both CentOS 5.5 and newer as well as CentOS 6.x.

Best Answer

There are many ways to redirect iptables output to a separate file.

Iptables supports a ULOG target that will send all log messages to a netlink socket instead of the kernel syslog output. There are applications that can read from that ULOG socket and store your logs in databases or files.

For logging with the LOG target you can do things like set a prefix to the log entry, with --log-prefix, and if you are using a more advanced syslog daemon then you can filter based on that pattern, and save the entries into a separate file.
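A concrete way to do the LOG plus --log-prefix approach from the answer, as an added example that is not part of the original answer: the chain name LOGDROP, the prefix IPT-DROP: and the file /var/log/iptables.log are assumptions, and the rsyslog fragment targets the rsyslog 5 shipped with CentOS 6.

```shell
#!/bin/sh
# Added example: LOG-with-prefix rules plus an rsyslog filter that routes
# the prefixed kernel messages to their own file. Prefix, chain name and
# file name are assumptions, not values from the original answer.
LOG_PREFIX="IPT-DROP: "
LOG_FILE="/var/log/iptables.log"

# Print the iptables commands. The LOG rule must come before the DROP rule
# (LOG is non-terminating, DROP ends processing), and it is rate-limited so
# a packet flood cannot fill the disk with log lines.
iptables_drop_rules() {
    cat <<EOF
iptables -N LOGDROP
iptables -A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "${LOG_PREFIX}" --log-level 4
iptables -A LOGDROP -j DROP
# Use -j LOGDROP instead of -j DROP wherever dropped packets should be logged.
EOF
}

# Print an rsyslog fragment, e.g. for /etc/rsyslog.d/iptables.conf, which
# must be read before the default *.info rule. "& ~" discards the message
# afterwards so it does not also land in /var/log/messages.
rsyslog_fragment() {
    cat <<EOF
:msg, contains, "${LOG_PREFIX}" -${LOG_FILE}
& ~
EOF
}

# Mirror the rsyslog filter in shell so the routing can be checked offline:
# return 0 when the kernel message carries the prefix, 1 otherwise.
routes_to_iptables_log() {
    # Drop the syslog header ("Mon DD HH:MM:SS host kernel: ") before testing.
    msg=$(printf '%s' "$1" | sed 's/^.*kernel: //')
    case "$msg" in
        *"${LOG_PREFIX}"*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Restart rsyslog after adding the fragment and check with `grep "IPT-DROP: " /var/log/messages` that the lines are no longer duplicated there.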