Often logs from several services end up in a single file, which makes it hard to pick out the useful information. iptables lets us set the syslog level of its LOG messages, and with a matching syslog-ng filter we can route them to a dedicated file, making them easier to parse or simply analyze.
We create the file where we will store the logs:
touch /var/log/iptables.log
In the iptables rule, we must indicate the log-level to use:
- 0 emerg
- 1 alert
- 2 crit
- 3 err
- 4 warning
- 5 notice
- 6 info
- 7 debug
We configure the ssh rule to log at log-level 6 (iptables does not allow specifying a facility; LOG messages always come out through the kernel facility):
iptables -I INPUT 1 -p tcp --dport 7777 -j LOG --log-prefix "IPTables-7777 port: " --log-level 6
We configure the destination and filter in syslog-ng:
vi /etc/syslog-ng/syslog-ng.conf
destination iptables { file("/var/log/iptables.log"); };
filter f_iptables { level(info); };
log { source(src); filter(f_iptables); destination(iptables); };
Everything that matches the filter will end up in the appropriate file ;)
/etc/init.d/syslog-ng restart
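Once the rule and filter above are in place, /var/log/iptables.log fills with the kernel LOG target's KEY=VALUE records; note that filter f_iptables matches on level alone, so any other info-level message lands in the same file. The following parser is an added example, not code from the original post: it keys on the --log-prefix, skips unrelated lines, and counts SYN attempts per source address. The log lines, hostname and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample of /var/log/iptables.log in syslog-ng's default file format.
# The level(info) filter routes every info-level message here, so an sshd line is mixed in.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: IPTables-7777 port: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40122 DPT=7777 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw sshd[1234]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
Mar  3 10:15:03 fw kernel: IPTables-7777 port: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=40123 DPT=7777 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:04 fw kernel: IPTables-7777 port: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:cc:dd:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=99 DF PROTO=TCP SPT=51000 DPT=7777 WINDOW=65535 RES=0x00 SYN URGP=0
"""

PREFIX = "IPTables-7777 port: "          # the --log-prefix from the iptables rule
KV_RE = re.compile(r"([A-Z]+)=(\S*)")     # KEY=VALUE tokens; OUT= has an empty value
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return the LOG record's fields as a dict, or None if the line is not one of ours."""
    idx = line.find(PREFIX)
    if idx < 0:
        return None
    body = line[idx + len(PREFIX):]
    fields = dict(KV_RE.findall(body))
    # Flags such as DF, SYN, ACK are bare tokens without '='; collect the TCP ones separately.
    fields["FLAGS"] = sorted(tok for tok in body.split() if tok in TCP_FLAGS)
    return fields

def parse_log(text):
    """Parse every iptables line in the file contents, ignoring unrelated messages."""
    entries = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is not None:
            entries.append(parsed)
    return entries

def syn_sources(entries):
    """Count connection attempts (SYN set, ACK clear) per source address."""
    return Counter(e["SRC"] for e in entries
                   if "SYN" in e["FLAGS"] and "ACK" not in e["FLAGS"])

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(f"{len(entries)} iptables entries")
    for src, n in syn_sources(entries).most_common():
        print(f"{src}: {n} SYN to port {entries[0]['DPT']}")
```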