Tuesday, January 12, 2016

Enable Iptables logging in RHEL5

Environment: RHEL 5.6, kernel 2.6.18-348.el5-x86_64


1.  Take a backup of /etc/syslog.conf:
    # cp /etc/syslog.conf /etc/syslog.conf.bak


2.  Add the line below to /etc/syslog.conf:
     kern.warning /var/log/iptables


3.  Reload the syslog service:
    # service syslog reload


4.  Check the iptables log:
    # tail -f /var/log/iptables


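5.  Insert a rule that logs TCP traffic to ports 10000-10500 at log level 4 (warning, which matches the kern.warning selector added in step 2):
    # iptables -I INPUT -p tcp --dport 10000:10500 -j LOG --log-level 4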


6.  Insert a rule that logs ping (ICMP echo request) packets with the prefix "#### Firewall ####":
    # iptables -I INPUT -p icmp --icmp-type ping -j LOG --log-prefix "#### Firewall ####"


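7.  Disable iptables logging (the restart reloads the saved rules from /etc/sysconfig/iptables, so the unsaved LOG rules inserted above are dropped):
    # service iptables restart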
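

Added example (not part of the original post): a shell function that summarises what the two LOG rules above write to /var/log/iptables, counting hits per source address, protocol and destination port. It skips non-firewall kernel messages, which kern.warning also sends to that file, and copes with the prefix running straight into IN= because the prefix has no trailing space. The function names, host name, MAC and addresses in the sample are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample of /var/log/iptables (documentation addresses, made-up host).
sample_log() {
cat <<'EOF'
Jan 12 10:14:40 rhel5 kernel: eth0: link up (constructed non-firewall kernel warning)
Jan 12 10:15:01 rhel5 kernel: #### Firewall ####IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4660 SEQ=1
Jan 12 10:15:02 rhel5 kernel: #### Firewall ####IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4660 SEQ=2
Jan 12 10:16:10 rhel5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1001 DF PROTO=TCP SPT=40112 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:16:13 rhel5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1002 DF PROTO=TCP SPT=40112 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:16:19 rhel5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1003 DF PROTO=TCP SPT=40112 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:17:45 rhel5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2001 DF PROTO=TCP SPT=51515 DPT=10500 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# summarize_fw_log [FILE...]
# Reads the named files (or stdin) and prints "count src proto dpt",
# highest count first. dpt is "-" for protocols without ports (ICMP).
summarize_fw_log() {
  awk '
    / kernel: / && /SRC=/ {            # only netfilter LOG lines carry SRC=
      src = ""; proto = ""; dpt = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (src != "") hits[src " " proto " " dpt]++
    }
    END { for (k in hits) print hits[k], k }
  ' "$@" | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real host run:
#   summarize_fw_log /var/log/iptables
sample_log | summarize_fw_log
```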