Where can I find the iptables log file, and how can I change its location?
These logs are generated by the kernel, so they go to the file that receives kernel logs: /var/log/kern.log.
If you want to redirect these logs to a different file, that can't be done through iptables. It can be done in the configuration of the program that dispatches logs: rsyslog. In the iptables rule, add a prefix that isn't used by any other kernel log:
iptables -A INPUT -s 192.168.11.0/24 -j LOG --log-prefix='[netfilter] '
Following the example set by 20-ufw.conf, create a file under /etc/rsyslog.d/00-my_iptables.conf containing:
:msg,contains,"[netfilter] " -/var/log/iptables.log
& stop
Putting the rule early (the file names in /etc/rsyslog.d are used in lexicographic order) and adding &stop causes these logs to go only to the specified location and not to the default location as well.
Rsyslog has to be restarted for the config changes to take place.
I know that's far too late and the answer is already marked as the accepted one. I just have a piece of new info to give.
The log file of the LOG action is found at either /var/log/syslog (Ubuntu and similar OSs) or /var/log/messages (CentOS and similar OSs).
If you have trouble finding the right file, you may try this:
find /var/log -mmin 1
This will find any file modified in the last 1 minute inside /var/log and below.
You may find out that -j LOG may update more than just a single file.
For instance, on Ubuntu 18, both /var/log/kern.log and /var/log/syslog are impacted by netfilter logging.
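
A check for the routing discussed in both answers above, as an added example that is not part of either post: it counts the lines carrying the LOG prefix in each uncompressed file at the top level of a log directory and reports whether they landed only in the intended file. The function name `check_prefix_routing` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answers).
# check_prefix_routing LOGDIR PREFIX EXPECTED_FILE
#   Prints "<count><TAB><file>" for every file in LOGDIR that contains PREFIX.
#   Returns 0 if PREFIX appears only in EXPECTED_FILE,
#           1 if it also appears elsewhere (e.g. kern.log or syslog),
#           2 if it does not appear in EXPECTED_FILE at all.
#   EXPECTED_FILE must be written as LOGDIR/name so it matches the glob below.
check_prefix_routing() {
    logdir=$1
    prefix=$2
    expected=$3
    in_expected=0
    leaked=0
    for f in "$logdir"/*; do
        [ -f "$f" ] || continue
        # Rotated, compressed logs are skipped; only current files matter here.
        case $f in *.gz|*.xz|*.bz2) continue ;; esac
        # -F: the prefix contains '[' and ']', which must not be read as a regex.
        n=$(grep -cF -- "$prefix" "$f" 2>/dev/null) || n=0
        [ "$n" -gt 0 ] || continue
        printf '%s\t%s\n' "$n" "$f"
        if [ "$f" = "$expected" ]; then
            in_expected=1
        else
            leaked=1
        fi
    done
    [ "$leaked" -eq 0 ] || return 1
    [ "$in_expected" -eq 1 ] || return 2
    return 0
}

# Typical call on a live system (needs read access to the logs):
#   check_prefix_routing /var/log '[netfilter] ' /var/log/iptables.log
```

A return code of 1 means the rsyslog rule is not being evaluated before the default rules or the stop action is missing; 2 means no matching packet has been logged to the new file yet.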