Enable iptables logging on Ubuntu Linux








The following solution can enable the iptables logging to /var/log/iptables.log:
  1. Make sure you have --log-prefix set in your iptables entries. e.g.
    iptables -A INPUT -j LOG --log-prefix "[IPTABLES "
  2. Create & edit /etc/rsyslog.d/15-iptables.conf file, and add the following lines:
    :msg,contains,"[IPTABLES " /var/log/iptables.log
    & ~
    
  3. Create & edit /etc/logrotate.d/iptables file, and add the following lines:
    /var/log/iptables.log
    {
     rotate 4
     weekly
     missingok
     notifempty
     compress
     delaycompress
     sharedscripts
     postrotate
      reload rsyslog >/dev/null 2>&1 || true
     endscript
    }
    
  4. Restart rsyslogd:
    sudo /etc/init.d/rsyslog restart

NOTE:

In the solution above, [IPTABLES is used as the --log-prefix. You can replace it with anything you like but remember to update /etc/rsyslog.d/15-iptables.conf file.


References:




No comments:

Post a Comment