Ubuntu: Redirect iptables logging to another logfile



Question:

I have followed the recipe by @Gilles in this answer. I succeeded, but the problem is that the iptables logging now goes into 3 log files, syslog, kern.log and iptables.log.

Ideally, I want the iptables logging to go only into one file, iptables.log.


Solution 1:

The problem was that rsyslog was loading the 50-default.conf preferences before the custom preferences set in my_iptables.conf.

The solution was to add a number prefix to the conf filename, one that was lower than 50. So I renamed it to 10-my_iptables.conf.

File /etc/rsyslog.d/10-my_iptables.conf

# Log kernel generated iptables log messages to file
:msg,contains,"[ipT" /var/log/iptables.log
& ~

iptables logging prefix:

... -j LOG --log-prefix "[ipT4] ...  

ip6tables logging prefix:

... -j LOG --log-prefix "[ipT6] ...  

Then I restarted rsyslog:

# sudo service rsyslog restart  

This had the desired effect -- all iptables logging was now directed to '/var/log/iptables.log'.
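The ordering effect described in this answer, as an added example that is not part of the original post: a simplified Python model of how rsyslog applies the files in /etc/rsyslog.d/. It assumes files load in sorted filename order and that the discard action (`& ~`) stops further processing; the two rules standing in for 50-default.conf and the sample messages are constructed.

```python
# Simplified model of rsyslog rule processing (added example, not rsyslog code).
# Assumption: files in /etc/rsyslog.d/ are applied in sorted filename order and
# a discard action ("& ~") stops all further processing of the message.

# Constructed rule sets: (match function, destination, discard-after-match)
IPTABLES_RULES = [(lambda m: "[ipT" in m["msg"], "/var/log/iptables.log", True)]
DEFAULT_RULES = [  # stand-in for the selectors in 50-default.conf that match kernel messages
    (lambda m: True, "/var/log/syslog", False),
    (lambda m: m["facility"] == "kern", "/var/log/kern.log", False),
]


def destinations(conf_files, message):
    """Return the log files a message is written to for a set of conf files."""
    written = []
    for name in sorted(conf_files):           # lexical load order
        for match, dest, discard in conf_files[name]:
            if match(message):
                written.append(dest)
                if discard:                    # "& ~": drop the message, stop here
                    return written
    return written


# Constructed sample messages
IPT_MSG = {"facility": "kern",
           "msg": "[ipT4] IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22"}
OTHER_MSG = {"facility": "kern", "msg": "usb 1-1: new high-speed USB device"}

# The filter file under its original name and under its renamed form
BEFORE = {"50-default.conf": DEFAULT_RULES, "my_iptables.conf": IPTABLES_RULES}
AFTER = {"50-default.conf": DEFAULT_RULES, "10-my_iptables.conf": IPTABLES_RULES}

if __name__ == "__main__":
    for label, conf in (("before rename", BEFORE), ("after rename", AFTER)):
        print(label)
        print("  iptables message ->", destinations(conf, IPT_MSG))
        print("  other kernel msg ->", destinations(conf, OTHER_MSG))
```

With the unprefixed name the filter sorts after 50-default.conf, so the message has already been written to syslog and kern.log before the discard runs; other kernel messages are unaffected in both cases.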

