How to log iptables messages in a different log file - GoLinuxHub

By default, all messages from info to error level are logged in /var/log/messages, which makes it hard to pick out specific entries from the long list of logs in that file.
To separate the iptables-related logs into a different file, follow the procedure below.
NOTE: For RHEL 6 the file name will be rsyslog.conf
To log all the iptables-related messages

# vi /etc/syslog.conf
# Log all kernel messages to firewall.log.
kern.*                                                          /var/log/firewall.log
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# Don't log any kernel-related messages
*.info;mail.none;authpriv.none;cron.none;kern.none                /var/log/messages

To log only warning level iptables messages

# Log only warning-level kernel messages to firewall-warn.log.
kern.=warn                                                /var/log/firewall-warn.log

To log all messages from info level to error level

kern.info;kern.!crit          /var/log/firewall.log

To log the messages to different files according to their severity level

kern.*                       /var/log/iptables.log
kern.crit                    /var/log/iptables-crit.log
kern.info                    /var/log/iptables-info.log

For more information on the severity levels of syslog, follow the link below
SYSLOG Tutorial
Once done, restart the syslog service
For RHEL 6

# service rsyslog restart

For RHEL 5 or older

# service syslog restart

For example
Q. Create a rule to monitor the ping logs from 192.168.1.10 to the localhost

# iptables -I INPUT -s 192.168.1.10 -p icmp -j LOG --log-prefix "PING TEST "

Now let us verify it in our log file
Try to ping from 192.168.1.10 and observe the log file

# cat /var/log/iptables.log
Mar  6 11:22:36 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1037 SEQ=2
Mar  6 11:23:03 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3341 SEQ=1
Mar  6 11:23:04 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3341 SEQ=2
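
The log lines above can be counted per source and destination with a small shell function. This is an added example, not part of the original article; the function names summarize_iptables_log and sample_log, the second source 192.168.1.20, its MAC field and the "link is up" line are constructed for illustration.

```shell
#!/bin/sh
# Added example: count iptables LOG entries per flow for one --log-prefix.
# Usage: summarize_iptables_log "PING TEST " < /var/log/iptables.log
# Prints "<count> SRC=<ip> DST=<ip> PROTO=<proto>", one line per flow.
summarize_iptables_log() {
    awk -v prefix="$1" '
    {
        # Skip anything that is not a kernel message carrying the prefix,
        # since kern.* also captures non-iptables kernel messages.
        if (index($0, "kernel:") == 0) next
        pos = index($0, prefix)
        if (pos == 0) next
        rest = substr($0, pos + length(prefix))

        # Walk the KEY=VALUE tokens, keeping the FIRST value per key: ID=
        # appears twice (IP header ID, then ICMP echo ID). Bare flags (DF)
        # are skipped and empty values (OUT=) are stored as empty strings.
        split("", f)
        n = split(rest, tok, " ")
        for (i = 1; i <= n; i++) {
            eq = index(tok[i], "=")
            if (eq == 0) continue
            k = substr(tok[i], 1, eq - 1)
            if (!(k in f)) f[k] = substr(tok[i], eq + 1)
        }
        if (!("SRC" in f) || !("DST" in f)) next
        count["SRC=" f["SRC"] " DST=" f["DST"] " PROTO=" f["PROTO"]]++
    }
    END { for (flow in count) print count[flow], flow }
    ' | sort -k2
}

# Constructed sample input in the format shown above.
sample_log() {
    cat <<'EOF'
Mar  6 11:22:36 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1037 SEQ=2
Mar  6 11:23:03 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:a3:f5:fa:08:00 SRC=192.168.1.10 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3341 SEQ=1
Mar  6 11:23:40 test1 kernel: eth3: link is up
Mar  6 11:24:12 test1 kernel: PING TEST IN=eth3 OUT= MAC=00:0c:29:51:aa:e1:00:0c:29:b1:22:33:08:00 SRC=192.168.1.20 DST=192.168.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4410 SEQ=1
EOF
}

sample_log | summarize_iptables_log "PING TEST "
```

On a live system, feed the function the real file instead of sample_log, for example with input redirected from /var/log/iptables.log.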