Logging iptables rules

Mischa · 01-05-2005, 04:32 AM

I want to log my iptables rules to a seperate file.

In a iptables manual I found the following

Quote:

In other words, setting kern.=info /var/log/iptables in your syslog.conf file and then letting all your LOG messages in iptables use log level info, would make all messages appear in the /var/log/iptables file.

After doing this, I created the following rule:
iptables -I FORWARD -p TCP -d any/0 --dport 80 -j LOG --log-level info --log-prefix "TEST "

Now all my traffic going to websites should be logged in /var/log/iptables, but there is no such file!
Even restarting the network or creating the file by hand didn't solve my problem.

Anyone?

Cedrik · 01-05-2005, 06:36 AM

Edit your /etc/syslog.conf and look for the info log line, mine is :

# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.info;*.!warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/messages

So add iptables to the exclude list :
*.info;*.!warn;\
authpriv.none;cron.none;mail.none;news.none;iptables.none -/var/log/messages

And add an entry for iptables on another line :
iptables.* -/var/log/iptables

Mischa · 01-05-2005, 09:38 AM

Thanks for the tip;

Nothing is being logged into the files. Also the messages file doesn't contain logs of iptables

Killing and restarting syslogd didn't solve my problem either...

Cedrik · 01-05-2005, 02:20 PM

less /usr/include/sys/syslog.h
...
...
#define LOG_INFO 6 /* informational */
...

So :
iptables -I FORWARD -p TCP -d any/0 --dport 80 -j LOG --log-level=6 --log-prefix "TEST

cat /etc/syslog.conf
...
...
kern.=info -/var/log/iptables
...