I have followed the recipe by @Gilles in this answer. I succeeded, but the problem is that the iptables logging now goes into 3 log files, syslog, kern.log and iptables.log.
Ideally, I want the iptables logging to go only into one file, iptables.log.
The problem was that rsyslog was loading the 50-default.conf preferences before the custom preferences set in my_iptables.conf.
The solution was to add a number prefix to the conf filename, one that was lower than 50. So I renamed it to 10-my_iptables.conf.
File /etc/rsyslog.d/10-my_iptables.conf
# Log kernel generated iptables log messages to file
:msg,contains,"[ipT" /var/log/iptables.log
& ~
iptables logging prefix:
... -j LOG --log-prefix "[ipT4] ...
ip6tables logging prefix:
... -j LOG --log-prefix "[ipT6] ...
Then I restarted rsyslog:
# sudo service rsyslog restart
This had the desired effect -- all iptables logging was now directed to '/var/log/iptables.log'.
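An added example, not part of the original post: a shell check that reports whether the drop-in file holding the iptables filter is read before 50-default.conf, and whether it discards the message afterwards. The function name `filter_order` and the rule lines written by `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the rsyslog
# drop-in holding a filter is read before the distribution default file.
# Usage: filter_order DIR MATCH DEFAULT
#   DIR      drop-in directory, e.g. /etc/rsyslog.d
#   MATCH    fixed string from the filter line, e.g. '[ipT'
#   DEFAULT  default rules file, 50-default.conf in the post above
# Prints one of: before | before-no-discard | after | missing
filter_order() {
    dir=$1; match=$2; default=$3
    seen_default=no
    # The shell expands the glob in sorted name order, which is also the
    # order in which rsyslog reads an included directory of *.conf files.
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ "$name" = "$default" ]; then
            seen_default=yes
            continue
        fi
        grep -F -q -e "$match" "$f" || continue
        if [ "$seen_default" = yes ]; then
            echo after               # default rules already logged the message
        elif grep -E -q '^[[:space:]]*&[[:space:]]*(~|stop)[[:space:]]*$' "$f"; then
            echo before              # logged here, then discarded
        else
            echo before-no-discard   # later rules still see the message
        fi
        return 0
    done
    echo missing
    return 1
}

# Constructed demo: rebuild the two layouts from the post in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'kern.* -/var/log/kern.log' > "$d/50-default.conf"
    printf '%s\n' ':msg,contains,"[ipT" /var/log/iptables.log' '& ~' > "$d/my_iptables.conf"
    echo "my_iptables.conf:    $(filter_order "$d" '[ipT' 50-default.conf)"
    mv "$d/my_iptables.conf" "$d/10-my_iptables.conf"
    echo "10-my_iptables.conf: $(filter_order "$d" '[ipT' 50-default.conf)"
    rm -rf "$d"
}

demo
```

On a real host the call would be `filter_order /etc/rsyslog.d '[ipT' 50-default.conf`; a result of `after` or `before-no-discard` means the messages will still reach syslog and kern.log.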