I have removed the SSH service from firewalld:
firewall-cmd --zone=public --remove-service=ssh
Using a rich rule, I'm allowing a particular IP to access the SSH service:
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.163.14.10" service name="ssh" accept'
Now I want to generate an audit log when a non-whitelisted IP is trying to access my host. The host should generate an audit log for access denied, something like: Error: Network access denied. Unauthorized IP 111.111.111.111 is trying to access my host.
I tried to find logs in /var/log, but had no luck.