Here is log level table to describe priority keyword.

Priority Keyword Description
0 debug Debug-level messages.
1 info Informational messages.
2 notice Normal but significant condition.
3 warning Warning conditions.
4 err Error conditions.
5 crit Critical conditions.
6 alert Immediate action required.
7 emerg System is unstable.


sudo iptables -A INPUT -p tcp --sport 80 -j LOG --log-level 4
sudo service rsyslog restart

To cat log file in serveral minutes

cat /var/log/iptables.log #iptables log had been put here /var/log/iptables.log separately

Feb 6 21:01:39 hwy kernel: [16609.411694] IN=eth0 OUT= MAC=e0:30:40:50:60:70:f8:32:e4:96:96:b4:08:00 SRC=198.252.206.25
DST=192.168.1.176 LEN=239 TOS=0x04 PREC=0x00 TTL=45 ID=3269 DF PROTO=TCP SPT=80 DPT=47699 SEQ=2734110881 ACK=1779183241 WINDOW=57 RES=0x00 ACK FIN URGP=0
Feb 6 21:01:41 hwy kernel: [16611.413402] IN=eth0 OUT= MAC=e0:30:40:50:60:70:f8:32:e4:96:96:b4:08:00 SRC=198.252.206.25
DST=192.168.1.176 LEN=239 TOS=0x04 PREC=0x00 TTL=45 ID=15115 DF PROTO=TCP SPT=80 DPT=47697 SEQ=1519714542 ACK=3252168617 WINDOW=57 RES=0x00 ACK FIN URGP=0

What does err log mean here?
Are there net traffice accidents between my pc and remote host?
Someone attack me?

No, it's logging any tcp packet with a source port of 80 - just like you told it to.

The log level determines which logfile (r)syslog will put it into, depending on your configuration.

You've told it to treat the entries as 'err' level messages, so syslog will act on them according to it's configuration.

1 members found this post helpful.