I have this rule in my iptables:
iptables -A INPUT -s 192.168.11.0/24 -j LOG
My question is:
Where is the iptables log file, and how can I change that?
These logs are generated by the kernel, so they go to the file that receives kernel logs: /var/log/kern.log.
If you want to redirect these logs to a different file, that can't be done through iptables. It can be done in the configuration of the program that dispatches logs: rsyslog. In the iptables rule, add a prefix that isn't used by any other kernel log:
iptables -A INPUT -s 192.168.11.0/24 -j LOG --log-prefix='[netfilter] '
Following the example set by 20-ufw.conf, create a file under /etc/rsyslog.d/00-my_iptables.conf containing:
:msg,contains,"[netfilter] " -/var/log/iptables.log
& stop
Putting the rule early (the file names in /etc/rsyslog.d are used in lexicographic order) and adding &stop causes these logs to go only to the specified location and not to the default location as well.
Rsyslog has to be restarted for the config changes to take place.
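The steps above as one script, added here as an example and not part of the original answer: it checks the prefix before use (the iptables man page limits --log-prefix to 29 characters, and a quote or backslash would break the quoted rsyslog filter string), writes the drop-in, and validates the rsyslog configuration before restarting. The function names are hypothetical, and systemd (systemctl) is assumed for the restart.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Succeeds only if the prefix is usable for both iptables and rsyslog.
check_prefix() {
    cp_prefix=$1
    [ -n "$cp_prefix" ] || return 1
    # iptables: --log-prefix may be up to 29 characters long.
    [ "${#cp_prefix}" -le 29 ] || return 1
    case $cp_prefix in
        *\"*|*\\*) return 1 ;;   # would break the quoted rsyslog filter string
    esac
    return 0
}

# write_dropin PREFIX LOGFILE DIR
# Writes DIR/00-my_iptables.conf with the filter and "& stop" from the answer.
write_dropin() {
    check_prefix "$1" || { echo "unusable log prefix: $1" >&2; return 1; }
    case $2 in
        /*) ;;
        *) echo "log file must be an absolute path: $2" >&2; return 1 ;;
    esac
    printf ':msg,contains,"%s" -%s\n& stop\n' "$1" "$2" > "$3/00-my_iptables.conf"
}

# Full procedure; needs root. Uses the rule and paths from the answer.
apply() {
    ap_prefix='[netfilter] '
    write_dropin "$ap_prefix" /var/log/iptables.log /etc/rsyslog.d || return 1
    # Check the configuration first so a typo does not stop logging altogether.
    rsyslogd -N1 || return 1
    iptables -A INPUT -s 192.168.11.0/24 -j LOG --log-prefix "$ap_prefix" || return 1
    systemctl restart rsyslog   # assumption: systemd-managed rsyslog
}

# Run the procedure only when asked to: sh script.sh apply
if [ "${1:-}" = apply ]; then
    apply
fi
```

If the first write to /var/log/iptables.log fails after the restart, check that the user rsyslog runs as can create files in /var/log.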