I'm currently trying to split out some of my IPTables logging from kern.log into a file called iptables.log. Basically, I have several different adapters and I'm logging requests to port 80 on each one. These rules are working and outputting fine to kern.log. Here's an example:
-A INPUT -d 192.168.100.10 -p tcp -m tcp --dport 80 -j LOG --log-prefix "[10010] REQUEST Port 80: " --log-level 7
I have done the following to try to split out what I want:
- created an iptables.log file in /var/log that has 644 permissions
- created an iptables.conf file in /etc/rsyslog.d/ with the following contents:
  :msg,contains,"[10010] REQUEST Port 80: " -/var/log/iptables.log
- edited /etc/rsyslog.conf to contain the following line:
  kern.debug /var/log/iptables.log
- restarted rsyslog:
  service rsyslog restart
Despite this, my "[10010]" stuff is still being written to the kern.log file instead of iptables.log.
Any help on this matter would be greatly appreciated.
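
An added example, not part of the original post: one common way to route prefixed iptables messages to their own file is to load the filter before the default kernel rule and discard the message once it has been written. The file name 10-iptables.conf, and the assumption that the default kern.* rule is loaded later (for instance from a file such as 50-default.conf), are not from the post.

```conf
# /etc/rsyslog.d/10-iptables.conf
# Assumption: files in /etc/rsyslog.d/ are included in alphabetical order, so
# the "10-" prefix makes this filter run before a later default rule file
# (a file named plain "iptables.conf" would sort after "50-default.conf").

# Property-based filter from the post: match the iptables --log-prefix text
# and write matching messages to their own file.
:msg,contains,"[10010] REQUEST Port 80: " -/var/log/iptables.log

# Discard the message matched by the filter above so that later rules,
# such as a kern.* rule writing /var/log/kern.log, never see it.
# On rsyslog releases older than v7 the equivalent discard action is "& ~".
& stop

# Note: a "kern.debug /var/log/iptables.log" selector in rsyslog.conf selects
# every kernel message at debug priority and above, not only the prefixed
# ones, so it is not needed alongside this filter.
```

After changing the files, `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.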