How to log only iptables messages into my /var/log/iptables.log?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I want to log only iptables message into /var/log/iptables.log.
Here is my way.
sudo vim /etc/rsyslog.conf
kern.* -/var/log/iptables.log
sudo vim /etc/rsyslog.d/iptables.conf
:msg, startswith, "NETFILTER" -/var/log/iptables.log
& ~
sudo iptables -A OUTPUT -m limit --limit 10/m -j LOG --log-prefix NETFILTER
sudo iptables-save > /etc/iptables/rules.v4
sudo systemctl restart rsyslog
And to clear all log messages in /var/log/iptables.log.
sudo echo "" |sudo tee /var/log/iptables.log
Now to reboot pc.
sudo cat /var/log/iptables.log
Nov 19 09:21:29 MiWiFi kernel: [ 7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [ 7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [ 7.264095] Adding 1952764k swap on /dev/sda5. Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [ 11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [ 13.153842] Netfilter messages via NETLINK v0.30.
Nov 19 09:21:31 MiWiFi kernel: [ 13.529229] r8169 0000:03:00.0: firmware: failed to load rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [ 13.529300] r8169 0000:03:00.0: Direct firmware load for rtl_nic/rtl8168g-2.fw failed with error -2
Nov 19 09:21:31 MiWiFi kernel: [ 13.529307] r8169 0000:03:00.0 enp3s0: unable to load firmware patch rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [ 13.542639] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [ 13.542657] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [ 13.542749] IPv6: ADDRCONF(NETDEV_UP): enp3s0: link is not ready
Nov 19 09:21:33 MiWiFi kernel: [ 15.517613] NET: Registered protocol family 4
Nov 19 09:21:33 MiWiFi kernel: [ 15.543358] NET: Registered protocol family 3
Nov 19 09:21:33 MiWiFi kernel: [ 15.573343] NET: Registered protocol family 5
Nov 19 09:21:34 MiWiFi kernel: [ 16.105505] r8169 0000:03:00.0 enp3s0: link up
Nov 19 09:21:34 MiWiFi kernel: [ 16.105513] IPv6: ADDRCONF(NETDEV_CHANGE): enp3s0: link becomes ready
Nov 19 09:21:36 MiWiFi kernel: [ 18.128165] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:36 MiWiFi kernel: [ 18.173678] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65025 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.424244] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65028 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.674976] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65082 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:42 MiWiFi kernel: [ 24.142666] fuse init (API version 7.26)
Nov 19 09:21:56 MiWiFi kernel: [ 38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0
Part 1 is the info on kernel start for my pc such as following.
Nov 19 09:21:29 MiWiFi kernel: [ 7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [ 7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [ 7.264095] Adding 1952764k swap on /dev/sda5. Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [ 11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [ 13.153842] Netfilter messages via NETLINK v0.30.
Part 2 is the info on iptables messages for my pc such as following.
Nov 19 09:21:36 MiWiFi kernel: [ 18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:56 MiWiFi kernel: [ 38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0
How to log only iptables messages (part 2 instead of part 1) into my /var/log/iptables.log ,not contains both kernel info and iptables info in /var/log/iptables.log ?
iptables logs rsyslog
asked Nov 19 '17 at 6:43
scrapy
317213
add a comment |Â
up vote
0
down vote
favorite
I want to log only iptables message into /var/log/iptables.log.
Here is my way.
sudo vim /etc/rsyslog.conf
kern.* -/var/log/iptables.log
sudo vim /etc/rsyslog.d/iptables.conf
:msg, startswith, "NETFILTER" -/var/log/iptables.log
& ~
sudo iptables -A OUTPUT -m limit --limit 10/m -j LOG --log-prefix NETFILTER
sudo iptables-save > /etc/iptables/rules.v4
sudo systemctl restart rsyslog
And to clear all log messages in /var/log/iptables.log.
sudo echo "" |sudo tee /var/log/iptables.log
Now to reboot pc.
sudo cat /var/log/iptables.log
Nov 19 09:21:29 MiWiFi kernel: [ 7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [ 7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [ 7.264095] Adding 1952764k swap on /dev/sda5. Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [ 11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [ 13.153842] Netfilter messages via NETLINK v0.30.
Nov 19 09:21:31 MiWiFi kernel: [ 13.529229] r8169 0000:03:00.0: firmware: failed to load rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [ 13.529300] r8169 0000:03:00.0: Direct firmware load for rtl_nic/rtl8168g-2.fw failed with error -2
Nov 19 09:21:31 MiWiFi kernel: [ 13.529307] r8169 0000:03:00.0 enp3s0: unable to load firmware patch rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [ 13.542639] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [ 13.542657] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [ 13.542749] IPv6: ADDRCONF(NETDEV_UP): enp3s0: link is not ready
Nov 19 09:21:33 MiWiFi kernel: [ 15.517613] NET: Registered protocol family 4
Nov 19 09:21:33 MiWiFi kernel: [ 15.543358] NET: Registered protocol family 3
Nov 19 09:21:33 MiWiFi kernel: [ 15.573343] NET: Registered protocol family 5
Nov 19 09:21:34 MiWiFi kernel: [ 16.105505] r8169 0000:03:00.0 enp3s0: link up
Nov 19 09:21:34 MiWiFi kernel: [ 16.105513] IPv6: ADDRCONF(NETDEV_CHANGE): enp3s0: link becomes ready
Nov 19 09:21:36 MiWiFi kernel: [ 18.128165] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:36 MiWiFi kernel: [ 18.173678] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65025 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.424244] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65028 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.674976] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65082 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:42 MiWiFi kernel: [ 24.142666] fuse init (API version 7.26)
Nov 19 09:21:56 MiWiFi kernel: [ 38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0
Part 1 is the info on kernel start for my pc such as following.
Nov 19 09:21:29 MiWiFi kernel: [ 7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [ 7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [ 7.264095] Adding 1952764k swap on /dev/sda5. Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [ 11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [ 13.153842] Netfilter messages via NETLINK v0.30.
Part 2 is the info on iptables messages for my pc such as following.
Nov 19 09:21:36 MiWiFi kernel: [ 18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:56 MiWiFi kernel: [ 38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0
How to log only iptables messages (part 2 instead of part 1) into my /var/log/iptables.log ,not contains both kernel info and iptables info in /var/log/iptables.log ?
iptables logs rsyslog
asked Nov 19 '17 at 6:43
scrapy
317213
You need to remove the linekern.* -/var/log/iptables.logif you dont want all kernel messages in that log file.
– meuh
Nov 19 '17 at 7:16
if you removekern.* -/var/log/iptables.log,both part1 and part2 will not be written into iptables.log.
– scrapy
Nov 19 '17 at 11:18
Stop rsyslog and run it by hand with debug:sudo rsyslogd -dn
– meuh
Nov 19 '17 at 14:08
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I want to log only iptables message into /var/log/iptables.log.
Here is my way.
sudo vim /etc/rsyslog.conf
kern.* -/var/log/iptables.log
sudo vim /etc/rsyslog.d/iptables.conf
:msg, startswith, "NETFILTER" -/var/log/iptables.log
& ~
sudo iptables -A OUTPUT -m limit --limit 10/m -j LOG --log-prefix NETFILTER
sudo iptables-save > /etc/iptables/rules.v4
sudo systemctl restart rsyslog
And to clear all log messages in /var/log/iptables.log.
sudo echo "" |sudo tee /var/log/iptables.log
Now to reboot pc.
sudo cat /var/log/iptables.log
Nov 19 09:21:29 MiWiFi kernel: [ 7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [ 7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [ 7.264095] Adding 1952764k swap on /dev/sda5. Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [ 11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [ 13.153842] Netfilter messages via NETLINK v0.30.
Nov 19 09:21:31 MiWiFi kernel: [ 13.529229] r8169 0000:03:00.0: firmware: failed to load rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [ 13.529300] r8169 0000:03:00.0: Direct firmware load for rtl_nic/rtl8168g-2.fw failed with error -2
Nov 19 09:21:31 MiWiFi kernel: [ 13.529307] r8169 0000:03:00.0 enp3s0: unable to load firmware patch rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [ 13.542639] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [ 13.542657] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [ 13.542749] IPv6: ADDRCONF(NETDEV_UP): enp3s0: link is not ready
Nov 19 09:21:33 MiWiFi kernel: [ 15.517613] NET: Registered protocol family 4
Nov 19 09:21:33 MiWiFi kernel: [ 15.543358] NET: Registered protocol family 3
Nov 19 09:21:33 MiWiFi kernel: [ 15.573343] NET: Registered protocol family 5
Nov 19 09:21:34 MiWiFi kernel: [ 16.105505] r8169 0000:03:00.0 enp3s0: link up
Nov 19 09:21:34 MiWiFi kernel: [ 16.105513] IPv6: ADDRCONF(NETDEV_CHANGE): enp3s0: link becomes ready
Nov 19 09:21:36 MiWiFi kernel: [ 18.128165] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:36 MiWiFi kernel: [ 18.173678] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65025 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.424244] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65028 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.674976] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65082 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:42 MiWiFi kernel: [ 24.142666] fuse init (API version 7.26)
Nov 19 09:21:56 MiWiFi kernel: [ 38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0
Part 1 is the info on kernel start for my pc such as following.
Nov 19 09:21:29 MiWiFi kernel: [ 7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [ 7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [ 7.264095] Adding 1952764k swap on /dev/sda5. Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [ 11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [ 13.153842] Netfilter messages via NETLINK v0.30.
Part 2 is the info on iptables messages for my pc such as following.
Nov 19 09:21:36 MiWiFi kernel: [ 18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:56 MiWiFi kernel: [ 38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0
How to log only iptables messages (part 2 instead of part 1) into my /var/log/iptables.log ,not contains both kernel info and iptables info in /var/log/iptables.log ?
iptables logs rsyslog
asked Nov 19 '17 at 6:43
scrapy
317213
I want to log only iptables message into /var/log/iptables.log.
Here is my way.
sudo vim /etc/rsyslog.conf
kern.* -/var/log/iptables.log
sudo vim /etc/rsyslog.d/iptables.conf
:msg, startswith, "NETFILTER" -/var/log/iptables.log
& ~
sudo iptables -A OUTPUT -m limit --limit 10/m -j LOG --log-prefix NETFILTER
sudo iptables-save > /etc/iptables/rules.v4
sudo systemctl restart rsyslog
And to clear all log messages in /var/log/iptables.log.
sudo echo "" |sudo tee /var/log/iptables.log
Now to reboot pc.
sudo cat /var/log/iptables.log
Nov 19 09:21:29 MiWiFi kernel: [ 7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [ 7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [ 7.264095] Adding 1952764k swap on /dev/sda5. Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [ 11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [ 13.153842] Netfilter messages via NETLINK v0.30.
Nov 19 09:21:31 MiWiFi kernel: [ 13.529229] r8169 0000:03:00.0: firmware: failed to load rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [ 13.529300] r8169 0000:03:00.0: Direct firmware load for rtl_nic/rtl8168g-2.fw failed with error -2
Nov 19 09:21:31 MiWiFi kernel: [ 13.529307] r8169 0000:03:00.0 enp3s0: unable to load firmware patch rtl_nic/rtl8168g-2.fw (-2)
Nov 19 09:21:31 MiWiFi kernel: [ 13.542639] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [ 13.542657] r8169 0000:03:00.0 enp3s0: link down
Nov 19 09:21:31 MiWiFi kernel: [ 13.542749] IPv6: ADDRCONF(NETDEV_UP): enp3s0: link is not ready
Nov 19 09:21:33 MiWiFi kernel: [ 15.517613] NET: Registered protocol family 4
Nov 19 09:21:33 MiWiFi kernel: [ 15.543358] NET: Registered protocol family 3
Nov 19 09:21:33 MiWiFi kernel: [ 15.573343] NET: Registered protocol family 5
Nov 19 09:21:34 MiWiFi kernel: [ 16.105505] r8169 0000:03:00.0 enp3s0: link up
Nov 19 09:21:34 MiWiFi kernel: [ 16.105513] IPv6: ADDRCONF(NETDEV_CHANGE): enp3s0: link becomes ready
Nov 19 09:21:36 MiWiFi kernel: [ 18.128165] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:36 MiWiFi kernel: [ 18.173678] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65025 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.424244] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65028 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.674976] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.251 LEN=236 TOS=0x00 PREC=0x00 TTL=255 ID=65082 DF PROTO=UDP SPT=5353 DPT=5353 LEN=216
Nov 19 09:21:36 MiWiFi kernel: [ 18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:42 MiWiFi kernel: [ 24.142666] fuse init (API version 7.26)
Nov 19 09:21:56 MiWiFi kernel: [ 38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0
Part 1 is the info on kernel start for my pc such as following.
Nov 19 09:21:29 MiWiFi kernel: [ 7.069752] input: Eee PC WMI hotkeys as /devices/platform/eeepc-wmi/input/input15
Nov 19 09:21:29 MiWiFi kernel: [ 7.069918] asus_wmi: Number of fans: 1
Nov 19 09:21:29 MiWiFi kernel: [ 7.264095] Adding 1952764k swap on /dev/sda5. Priority:-1 extents:1 across:1952764k FS
Nov 19 09:21:29 MiWiFi kernel: [ 11.464093] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 09:21:31 MiWiFi kernel: [ 13.153842] Netfilter messages via NETLINK v0.30.
Part 2 is the info on iptables messages for my pc such as following.
Nov 19 09:21:36 MiWiFi kernel: [ 18.812203] NETFILTERIN= OUT=enp3s0 SRC=192.168.31.52 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 MARK=0xd4
Nov 19 09:21:56 MiWiFi kernel: [ 38.904380] NETFILTERIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2471 DF PROTO=TCP SPT=59188 DPT=4101 WINDOW=43690 RES=0x00 SYN URGP=0
How to log only iptables messages (part 2 instead of part 1) into my /var/log/iptables.log ,not contains both kernel info and iptables info in /var/log/iptables.log ?
iptables logs rsyslog
asked Nov 19 '17 at 6:43
scrapy
317213
asked Nov 19 '17 at 6:43
scrapy
317213
asked Nov 19 '17 at 6:43
scrapy
317213
asked Nov 19 '17 at 6:43
scrapy
317213
317213
You need to remove the linekern.* -/var/log/iptables.logif you dont want all kernel messages in that log file.
– meuh
Nov 19 '17 at 7:16
if you removekern.* -/var/log/iptables.log,both part1 and part2 will not be written into iptables.log.
– scrapy
Nov 19 '17 at 11:18
Stop rsyslog and run it by hand with debug:sudo rsyslogd -dn
– meuh
Nov 19 '17 at 14:08
add a comment |Â
You need to remove the linekern.* -/var/log/iptables.logif you dont want all kernel messages in that log file.
– meuh
Nov 19 '17 at 7:16
if you removekern.* -/var/log/iptables.log,both part1 and part2 will not be written into iptables.log.
– scrapy
Nov 19 '17 at 11:18
Stop rsyslog and run it by hand with debug:sudo rsyslogd -dn
– meuh
Nov 19 '17 at 14:08
You need to remove the line
kern.* -/var/log/iptables.log if you dont want all kernel messages in that log file.– meuh
Nov 19 '17 at 7:16
You need to remove the line
kern.* -/var/log/iptables.log if you dont want all kernel messages in that log file.– meuh
Nov 19 '17 at 7:16
if you remove
kern.* -/var/log/iptables.log ,both part1 and part2 will not be written into iptables.log.– scrapy
Nov 19 '17 at 11:18
if you remove
kern.* -/var/log/iptables.log ,both part1 and part2 will not be written into iptables.log.– scrapy
Nov 19 '17 at 11:18
Stop rsyslog and run it by hand with debug:
sudo rsyslogd -dn– meuh
Nov 19 '17 at 14:08
Stop rsyslog and run it by hand with debug:
sudo rsyslogd -dn– meuh
Nov 19 '17 at 14:08
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Â
draft saved
draft discarded
Â
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f405550%2fhow-to-log-only-iptables-messages-into-my-var-log-iptables-log%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
You need to remove the line
kern.* -/var/log/iptables.logif you dont want all kernel messages in that log file.– meuh
Nov 19 '17 at 7:16
if you remove
kern.* -/var/log/iptables.log,both part1 and part2 will not be written into iptables.log.– scrapy
Nov 19 '17 at 11:18
Stop rsyslog and run it by hand with debug:
sudo rsyslogd -dn– meuh
Nov 19 '17 at 14:08