Thursday, December 9, 2021

How to Enable Logging in Iptables on Linux

Ref:  https://tecadmin.net/enable-logging-in-iptables-on-linux/

Enabling logging on iptables is helpful for monitoring traffic coming to our server. This we can also find the number of hits done from any IP. This article will help enable logging in iptables for all packets filtered by iptables.

Enable Iptables LOG

We can simply use following command to enable logging in iptables.

iptables -A INPUT -j LOG

We can also define the source ip or range for which log will be created.

iptables -A INPUT -s 192.168.10.0/24 -j LOG

To define level of LOG generated by iptables us –log-level followed by level number.

iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-level 4

We can also add some prefix in generated Logs, So it will be easy to search for logs in a huge file.

iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-prefix '** SUSPECT **'

View Iptables LOG

After enabling iptables logs. check following log files to view logs generated by iptables as per your operating system.

On Ubuntu and Debian

iptables logs are generated by the kernel. So check following kernel log file.

tail -f /var/log/kern.log

On CentOS/RHEL and Fedora

cat /var/log/messages
at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Install and use xorg-server on macOS via Homebrew

  The instructions to install and use xorg-server on macOS via Homebrew: Install Homebrew (if you haven't already): /bin/bash -c ...