How to get the iptables logs when Rpi act as router between ETH1 and ETH0

Question

I have setuped my RPI following the post Sharing the Pi's WiFi connection through the Ethernet port

I want to be able to have to source ip, source port, source mac, dest ip, dest port logged by iptables

I already add the command : iptables -A FORWARD -p tcp --syn -j LOG --log-prefix "iptables: "

and create a rule for syslog touch /etc/rsyslog.d/10-iptables.conf nano /etc/rsyslog.d/10-iptables.conf :msg, contains, "iptables: " -/var/log/iptables.log & ~

but my /var/log/iptables.log is still empty thx in advance

score 0 · Answer 1 · answered Dec 17 '19 at 18:49

create a rule for syslog touch /etc/rsyslog.d/10-iptables.conf nano /etc/rsyslog.d/10-iptables.conf :msg, contains, "iptables: " -/var/log/iptables.log & ~

Instead try:

module (
        load="builtin:omfile"
        template="RSYSLOG_TraditionalFileFormat"
)

if $programname == 'kernel' then {
        if $msg contains 'iptables:'
        then {
                action (type="omfile" file="/var/log/iptables.log" sync="off")
                & stop
        }
}

How to get the iptables logs when Rpi act as router between ETH1 and ETH0

1 Answers1