I have followed the recipe by @Gilles in this answer. I succeeded, but the problem is that the iptables logging now goes into 3 log files, syslog, kern.log and iptables.log.
Ideally, I want the iptables logging go only into one file, iptables.log.
Asked
Active
Viewed 4,679 times
3
-
1Thanks to all. I found the answer. It is necessary to prepend the name of the conf file with a number to assure that it is loaded before all the other rules. In this case, it should be '10-my_iptables.conf'. – bearcat Jun 21 '16 at 01:05
-
1in order to help other folks experiencing the same issue, can you add an answer to your own question, with more detail on how you fixed it? It's fine to mark your own answer as correct, if it fixes the problem! – Jeremy Kerr Jun 21 '16 at 01:34
1 Answers
3
The problem was that rsyslog was loading the 50-default.conf preferences before the custom preferences set in my_iptables.conf.
The solution was to add a number prefix to the conf filename, one that was lower than 50. So I renamed it to 10-my_iptables.conf.
File /etc/rsyslog.d/10-my_iptables.conf
# Log kernel generated iptables log messages to file
:msg,contains,"[ipT" /var/log/iptables.log
& ~
iptables logging prefix:
... -j LOG --log-prefix "[ipT4] ...
ip6tables logging prefix:
... -j LOG --log-prefix "[ipT6] ...
Then I restarted rsyslog:
# sudo service rsyslog restart
This had the desired effect -- all iptables logging was now directed to '/var/log/iptables.log'.
bearcat
- 203
- 3
- 7