iptables LOG messages are written to /var/log/messages by default, and a busy firewall produces such a volume of them that it becomes difficult to find anything else in that file.

To move the iptables log to a separate file, we have to change the following configuration file.
1.) /etc/syslog.conf
Append the following line to the file. The iptables LOG target logs at priority warning by default, which is why the kern.warning selector catches it (it also catches any other kernel message of priority warning or higher). The directory /home/log must already exist, as syslogd will not create it, and the new file will not be rotated unless you add it to the logrotate configuration as well.
kern.warning                                            /home/log/iptables.log

Also change the rule for /var/log/messages in the same file so that these messages are no longer duplicated there, from

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none         /var/log/messages

to

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;kern.!=warning         /var/log/messages

Note the facility name: it is kern, not kernel, which syslogd does not recognise. The selector kern.!=warning excludes exactly the warning priority of the kernel facility from this rule, so iptables hits stop landing in /var/log/messages while kernel errors and other kernel messages still do.

Now restart the syslogd daemon so it re-reads the configuration.

[root@gateway ~]# /etc/init.d/syslog restart
Shutting down kernel logger:                                [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                         [  OK  ]
Starting kernel logger:                                          [  OK  ]

You can now see all iptables messages logged to the /home/log/iptables.log file:
[root@gateway ~]# tailf /home/log/iptables.log
Oct  4 00:33:06 gateway last message repeated 2 times
Oct  4 00:33:06 gateway kernel: IN=eth1 OUT=

Note that syslogd collapses identical consecutive lines into a single "last message repeated N times" entry, as in the first line above, so counting lines in this file undercounts repeated identical hits.
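The whole procedure as an added shell example (not code from the original post): it patches a sysklogd-style syslog.conf the way the two edits above do, working on a constructed sample config, and counts iptables hits in constructed sample log lines to confirm the new file is actually receiving them. The /home/log/iptables.log path follows the post; the sample config, the sample log lines and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Patches a sysklogd-style syslog.conf so that kernel messages of priority
# warning (the iptables LOG target's default level) go to a separate file and
# are excluded from /var/log/messages. "kern.!=warning" is sysklogd's
# "ignore exactly this priority" selector, so kernel errors still reach
# /var/log/messages. IPT_LOG is an assumed path, matching the post.

IPT_LOG=/home/log/iptables.log

# route_iptables_log: read syslog.conf on stdin, print the patched config.
# Idempotent: a messages rule that already carries kern.!=warning is left
# alone, and the dedicated rule is only appended if it is not there yet.
route_iptables_log() {
    awk -v logfile="$IPT_LOG" '
        # Comment and blank lines pass through untouched.
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        # Any rule whose action is /var/log/messages (with or without the
        # sysklogd "-" no-sync prefix) gets kern.!=warning appended.
        $NF ~ /^-?\/var\/log\/messages$/ && $0 !~ /kern\.!=warning/ {
            action = $NF
            sub(/[ \t]+-?\/var\/log\/messages$/, "")
            printf "%s;kern.!=warning\t%s\n", $0, action
            next
        }
        # Remember whether the dedicated iptables rule already exists.
        $NF == logfile { seen = 1 }
        { print }
        END { if (!seen) printf "kern.warning\t%s\n", logfile }
    '
}

# count_iptables_hits: number of kernel log lines on stdin that carry the
# IN=/OUT= fields the iptables LOG target emits. Run it against the new file
# after the syslogd restart to confirm hits are arriving. Lines collapsed by
# syslogd into "last message repeated N times" are not counted.
count_iptables_hits() {
    grep -c ' kernel: .*IN=.* OUT=' || true
}

# Constructed sample config: the rules the post edits plus one bystander.
SAMPLE_CONF='# Log anything (except mail) of level info or higher.
# Do not log private authentication messages!
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
kern.*    /var/log/kern.log'

# Constructed sample log lines in the format syslogd writes (RFC 5737 addresses).
SAMPLE_LOG='Oct  4 00:33:06 gateway kernel: IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Oct  4 00:33:06 gateway last message repeated 2 times
Oct  4 00:33:07 gateway kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=40000 DPT=53'

# Show the patched config and the hit count for the samples.
printf '%s\n' "$SAMPLE_CONF" | route_iptables_log
printf '%s\n' "$SAMPLE_LOG" | count_iptables_hits
```

On a real gateway you would run `route_iptables_log < /etc/syslog.conf > /etc/syslog.conf.new`, inspect the result, move it into place and restart syslogd as shown above.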

Posted in: Linux.
Last Modified: November 19, 2013
