How to Log IPTABLES Dropped Packets to Syslog

By | |

Simply, I want to have IPTABLES log whenever it drops a packet.

To log all dropped incoming packets, add these entries to the bottom of your IPTABLES rules: 

iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP

To log all dropped outgoing packets, add these entries to the bottom of your IPTABLES rules: 

iptables -N LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP

To log all dropped packets, incoming and outgoing: 

iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP

All items will be sent to the local syslog.

Tagged , . Bookmark the permalink.

One Response to How to Log IPTABLES Dropped Packets to Syslog

  1. researchiteng says:
    October 11, 2017 at 1:27 pm

    in systemd monitor with:

    journalctl -kf

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Solve : *
17 − 7 =