Linux iptables – Troubleshooting Logging Issues


OS: Ubuntu 10.04
Logging daemon: rsyslog

For some reason I'm not getting any iptables logs. Even though I don't look through them very often, I'd still like to get it working for the sake of it working XD

Here is my /etc/ryslog.d/iptables.conf

:msg, contains, "[IPTABLES]" -/var/log/iptables.log
& ~

My iptables logging prefix is "[IPTABLES]" followed by whatever else (example [IPTABLES] Denied xyz)

The /var/log/iptables.log file is being created, however it's not getting any entries.
I can see the logging entries in dmesg but not in syslog or messages.

What's going on?

EDIT: My iptables logging rules:

# logging limit
LoggingLimit=5/min
LoggingPrefix=IPTABLES

# Logging chain
iptables -N LOG_REJECT
iptables -A LOG_REJECT -j LOG

# join INPUT to LOG_REJECT
iptables -A INPUT -j LOG_REJECT

# logging
iptables -A LOG_REJECT -p tcp -m limit --limit $LoggingLimit -j LOG --log-prefix "$LoggingPrefix Denied TCP: " #--log-level 7
iptables -A LOG_REJECT -p udp -m limit --limit $LoggingLimit -j LOG --log-prefix "$LoggingPrefix Denied UDP: " #--log-level 7
iptables -A LOG_REJECT -p icmp -m limit --limit $LoggingLimit -j LOG --log-prefix "$LoggingPrefix Denied ICMP: " #--log-level 7

Update: I found a thread that has the same symptoms as I do; apparently it is a kernel bug. I am using a VPS, so could anyone point me to how to upgrade my kernel or apply a workaround? I couldn't find a 2.6.34 kernel listed in apt-cache.

Thread: http://www.linode.com/forums/viewtopic.php?t=5533

Best Answer

Instead of "[IPTABLES]", try using "IPTABLES" only. It may work.
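
The suggestion above comes down to whether the string in the rsyslog `contains` filter actually occurs in the `--log-prefix` text of each LOG rule. The following is an added example, not part of the original post: it checks that agreement over constructed inputs modelled on the question's filter and rules. The function and variable names are hypothetical, and it does not cover messages that never reach rsyslog at all.

```shell
#!/bin/sh
# Constructed sample inputs (not captured from a live system).
# The rsyslog filter as given in the question:
SAMPLE_CONF=':msg, contains, "[IPTABLES]" -/var/log/iptables.log
& ~'
# The question's rules in `iptables -S` style, with $LoggingPrefix expanded:
SAMPLE_RULES='-A INPUT -j LOG_REJECT
-A LOG_REJECT -j LOG
-A LOG_REJECT -p tcp -m limit --limit 5/min -j LOG --log-prefix "IPTABLES Denied TCP: "
-A LOG_REJECT -p udp -m limit --limit 5/min -j LOG --log-prefix "IPTABLES Denied UDP: "
-A LOG_REJECT -p icmp -m limit --limit 5/min -j LOG --log-prefix "IPTABLES Denied ICMP: "'

# Print the string of the first `:msg, contains, "..."` filter in a config.
filter_string() {
    printf '%s\n' "$1" |
        sed -n 's/^:msg, *contains, *"\([^"]*\)".*/\1/p' | head -n 1
}

# Print every LOG rule whose prefix does not contain the filter string.
# rsyslog "contains" is a case-sensitive substring match, so the quoted
# needle is compared literally (brackets are not a character class here).
unmatched_log_rules() {
    needle=$(filter_string "$1")
    [ -n "$needle" ] || { echo "no :msg contains filter found" >&2; return 2; }
    printf '%s\n' "$2" | while IFS= read -r rule; do
        # Only rules that jump to the LOG target (not chains such as LOG_REJECT).
        case $rule in *"-j LOG"|*"-j LOG "*) ;; *) continue ;; esac
        prefix=$(printf '%s\n' "$rule" |
            sed -n 's/.*--log-prefix "\([^"]*\)".*/\1/p')
        case $prefix in
            *"$needle"*) ;;                 # the filter would select this rule
            *) printf '%s\n' "$rule" ;;     # no prefix, or prefix lacks the string
        esac
    done
}

echo "filter string: $(filter_string "$SAMPLE_CONF")"
echo "LOG rules the filter would not select:"
unmatched_log_rules "$SAMPLE_CONF" "$SAMPLE_RULES"
```

On a real host, the same functions can be fed the contents of the rsyslog config file and the output of `iptables -S` in place of the sample variables.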
