How to configure syslog to log the iptables messages to a different log file in Red Hat Enterprise Linux 5/6 ?

Solution Verified - Updated -


  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • syslog


  • How to modify the iptables rules to let it log at the appropriate level?
  • How to configure syslog to log the iptables messages to a different log file?
  • To stop iptables messages to get logged into /var/log/messages ?


  • Make a backup of /etc/syslog.conf before making any changes to it.
# cp /etc/syslog.conf /etc/syslog.conf.bak
  • Edit /etc/syslog.conf with an editor such as vi and add lines:
# comment iptables log
kern.warning                    /var/log/iptables
  • Make sure the iptables rule is logging at the appropriate level. This can be done by using the log-level switch. Default log-level is warning.
    Below example will log ssh attempts:
# iptables -I INPUT -p tcp --dport 22 -j LOG --log-level 4

Note: Log Levels can be found using command:

$ man syslog

Note: Consider adding a prefix to your iptables rule. This makes it easier to separate the firewall message from the few random messages that the kernel puts out.

  • Below example use to log ping and add the prefix "#### Firewall ####".
# iptables -I INPUT -p icmp --icmp-type ping -j LOG --log-prefix "#### Firewall ####"

Note:- Follow below steps if iptables print all the logs on the console:-

Step1:- Add below entry in /etc/sysctl.conf

kernel.printk = 4 1 1 7

Step2:- Run below command to make changes effectively at runtime.

# /sbin/sysctl -p /etc/sysctl.conf

Step3:- Check the changes at below file.

# cat /proc/sys/kernel/printk

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.