I am trying to log all connections to my ssh server. I want to see every ip that connects.

Here's what I have in my firewall script.

/sbin/iptables -A INPUT --protocol tcp --destination-port 22 --match state --state NEW --jump LOG --log-
prefix "Connected to SSH port 22" --log-level 4

I've added a line in my syslog.conf that says:
kern.warning /var/log/iptables.log


Have I done something wrong, I restarted the syslogd and iptables rules, I expected to see my connections to the machine via ssh but my /var/log/iptables.log is empty.

BTW this is running on Fedora Core 9. Thanks again..

Thanks,
Joe

Did you restart syslog after modifying syslog.conf ?

/etc/init.d/syslog restart

Yes, I restarted it. I see in the log where iptables was restarted as well, however I didn't see my new ssh connection. I just want to see all ssh connections. Does the log rule look correct? I moved it to the top prior to any other rules.

I'm moving this to Software, as it's a configuration issue, not a security one. As a side note, logging packets in state NEW won't necessarily show you IPs who have SSH connections open. It's just gonna show you any IP which sent a packet in state NEW to port 22. If you want to log actual connections you should log packets in state ESTABLISHED.

Ok thanks for the heads up and sorry for the wrong forum...