Originally Posted by nekkutta
I was wondering if there is a way to place all the iptables LOG entries into a separate log file through the syslog.conf
Yes, there is. Iptables logs use the kernel facility, so you have to assign a log level to the iptables log and then add a new entry to the /etc/syslog.conf file. In detail:
1. Assign log-level 7 to the iptables LOG. Log level 7 corresponds to "debug" and since the kernel spits out very few messages at debug level, your logfile will be populated almost entirely by the iptables logs. If your firewall script does not explicitly assign a log-level to the LOG entries, you can add the option
to the relevant lines (those with -j LOG). Then restart the firewall service to update the iptables rules.
2. Add to the /etc/syslog.conf file the following entry
This will tell syslog to log messages from the kernel only at debug priority into the file /var/log/iptables.log (choose the name you want for the logfile). Of course, check that an entry like kern.debug or kern.=debug does not already exist in your /etc/syslog.conf.
3. Restart the syslog daemon. At this point the logfile will be created and will start to be populated.
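The three steps above as shell functions, added here as an example and not part of the original post: `add_log_level` rewrites the `-j LOG` lines of a firewall script, `has_kern_debug` performs the check from step 2, and `add_syslog_entry` appends the selector. The firewall script and syslog.conf contents are constructed samples, and classic syslogd selector syntax is assumed.

```shell
#!/bin/sh
# Added example (not the original poster's code): try the procedure on
# constructed files before touching /etc. Assumes classic syslogd syntax.

# Step 1: add "--log-level 7" to every "-j LOG" rule in a firewall script
# that does not already set a log level. Prints the rewritten script.
add_log_level() {
    sed -E -e '/-j LOG/{' -e '/--log-level/!s/-j LOG/-j LOG --log-level 7/' -e '}' "$1"
}

# Step 2 check: true if the syslog.conf already has a kern.debug or
# kern.=debug selector that would compete with the new entry.
has_kern_debug() {
    grep -Eq '^[[:space:]]*kern\.=?debug[[:space:]]' "$1"
}

# Step 2: append the selector sending kernel messages of exactly debug
# priority to the given logfile, unless such a selector is already present.
add_syslog_entry() {
    if has_kern_debug "$1"; then
        echo "kern.debug selector already present in $1; not adding" >&2
        return 1
    fi
    printf 'kern.=debug\t%s\n' "$2" >> "$1"
}

# Constructed firewall script and syslog.conf used for the demonstration.
FW=$(mktemp); CONF=$(mktemp)
cat > "$FW" <<'EOF'
iptables -A INPUT -i eth0 -p tcp --dport 22 -j LOG --log-prefix "SSH: "
iptables -A INPUT -j LOG --log-level 4 --log-prefix "DROP: "
iptables -A INPUT -j DROP
EOF
cat > "$CONF" <<'EOF'
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
EOF

add_log_level "$FW"                      # only the first LOG rule gains --log-level 7
add_syslog_entry "$CONF" /var/log/iptables.log && cat "$CONF"
# Step 3 on a real system: reload the firewall script, then restart syslogd.
rm -f "$FW" "$CONF"
```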