Configuring a custom log file for iptables

The problem is that there shouldn't be a space between - and /


This is an alternative approach using ulogd. I would suggest this mechanism as it stops the kernel logging mechanism -m LOG uses (which has the grievous side effect of filling your dmesg log as well).

First you'll need ulogd, which you can get with an apt-get install ulogd. Edit your /etc/ulogd.conf, enable this module (by removing the # at the start of the line):

plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"

and change/add the section [LOGEMU]:

[LOGEMU]
file="/var/log/iptables.log"
sync=1

And then restart your ulogd with /etc/init.d/ulogd restart. Then instead of -j LOG use -j ULOG on your iptables rules. The ULOG module has no concept of --log-level so you can remove those options. It also uses --ulog-prefix instead of --log-prefix.
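The rule changes described in the answer above (swap the target, drop --log-level, rename --log-prefix) can be applied to a saved ruleset in one pass. This is an added example, not part of the original answer; the function names and the sample ruleset are constructed for illustration, and it assumes input in iptables-save format with one rule per line.

```shell
#!/bin/sh
# Added example: convert LOG rules in an iptables-save dump to ULOG rules.
# Reads a ruleset on stdin and writes the converted ruleset on stdout.
convert_log_to_ulog() {
    sed -E '
        # Only touch rules whose target is LOG; other rules pass through.
        /(^| )-j LOG( |$)/ {
            # ULOG has no --log-level: drop the option and its argument.
            s/ --log-level [^ ]+//
            # ULOG spells the prefix option --ulog-prefix; the quoted
            # prefix string that follows is left exactly as it was.
            s/ --log-prefix / --ulog-prefix /
            # Finally switch the target itself.
            s/(^| )-j LOG( |$)/\1-j ULOG\2/
        }
    '
}

# Constructed sample ruleset (not taken from a real host). The second LOG
# rule lists its options in the opposite order to show that order is
# irrelevant to the conversion.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "SSH: " --log-level 4
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-level warning --log-prefix "IPT DROP: "
-A INPUT -j DROP
COMMIT
EOF
}

# Show the converted ruleset; review it before loading it with iptables-restore.
sample_rules | convert_log_to_ulog
```

On a real host the input would come from iptables-save, and the output should be diffed against the original before it is restored.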


This is possible using:

To disable iptables logs in syslog, make the modification below in /etc/rsyslog.d/50-default.conf:

*.*;auth,authpriv.none;kern.*=!kern.warning             -/var/log/syslog

To log to a separate file, append:

kern.=warning -/var/log/iptables.log

Then restart syslog or rsyslog once and tail the logs:

/etc/init.d/rsyslog restart

It works in syslog and rsyslog also.