Logging access attempts with iptables

The /etc/sysconfig/iptables file:
# Generated by iptables-save v1.4.21 on Fri Aug 19 03:08:01 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [57:10495]
:NEW_PORT - [0:0]
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.10.0/24 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -j NEW_PORT
-A INPUT -j LOG --log-prefix "curious_log " --log-level 6
-A INPUT -j DROP
-A NEW_PORT -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A NEW_PORT -p tcp -m multiport --dports 22 -j ACCEPT
-A NEW_PORT -j RETURN
COMMIT
# Completed on Fri Aug 19 03:08:01 2016

Turning on iptables logging only takes one extra rule:
-A INPUT -j LOG --log-prefix "curious_log " --log-level 6   // the log output goes to /var/log/messages

LOG is a non-terminating target, so a packet that matches it carries on to the next rule; placed just before the final DROP, as in the file above, it records exactly the packets that would otherwise be dropped silently.
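The LOG target writes one kernel message per packet, carrying the --log-prefix string followed by key=value fields (IN, OUT, MAC, SRC, DST, PROTO, SPT, DPT and so on). The following POSIX shell script is an added example, not part of the original post: it summarizes such lines by source address, protocol and destination port, so the most persistent sources of dropped traffic surface first. The sample lines are constructed in the format rsyslog writes to /var/log/messages, and the function name summarize_dropped and the addresses in the samples are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): summarize iptables LOG lines
# that carry the "curious_log " prefix, as they appear in /var/log/messages.
# Assumes the standard netfilter LOG line layout (SRC= DST= PROTO= SPT= DPT= ...).

# Constructed sample lines: three LOG messages and one unrelated sshd line.
SAMPLE_LOG='Aug 19 03:10:11 host kernel: curious_log IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1234 DF PROTO=TCP SPT=51234 DPT=3389 SYN URGP=0
Aug 19 03:10:12 host kernel: curious_log IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1235 DF PROTO=TCP SPT=51235 DPT=3389 SYN URGP=0
Aug 19 03:10:13 host kernel: curious_log IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.168.10.2 LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=77 PROTO=UDP SPT=4444 DPT=161 LEN=20
Aug 19 03:10:14 host sshd[123]: Accepted publickey for admin from 192.168.10.7 port 50022 ssh2'

# Read syslog lines on stdin and print "count SRC PROTO DPT", most frequent first.
# Lines without the LOG prefix (other kernel or daemon messages) are skipped.
summarize_dropped() {
    grep 'curious_log ' | awk '{
        src = ""; proto = ""; dpt = "-";
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=");             # fields look like KEY=VALUE
            if (kv[1] == "SRC")   src   = kv[2];
            if (kv[1] == "PROTO") proto = kv[2];
            if (kv[1] == "DPT")   dpt   = kv[2];
        }
        if (src != "") count[src " " proto " " dpt]++;
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Stand-alone run over the constructed sample; on a live box use:
#   grep 'curious_log ' /var/log/messages | summarize_dropped
printf '%s\n' "$SAMPLE_LOG" | summarize_dropped
```

The awk loop tolerates field order changes and extra fields (the UDP line above carries a second LEN=), because it keys on the field name rather than its position.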

Log level reference:
The kernel log levels are:
0 (KERN_EMERG): The system is unusable.
1 (KERN_ALERT): Actions that must be taken care of immediately.
2 (KERN_CRIT): Critical conditions.
3 (KERN_ERR): Noncritical error conditions.
4 (KERN_WARNING): Warning conditions that should be taken care of.
5 (KERN_NOTICE): Normal, but significant events.
6 (KERN_INFO): Informational messages that require no action.
7 (KERN_DEBUG): Kernel debugging messages, output by the kernel if the developer enabled debugging at compile time.


The log destination can also be customized in rsyslog:
cat /etc/rsyslog.conf |grep kern.
kern.notice                        /server/logs/iptables/iptables.log

Note that a classic rsyslog selector such as kern.notice matches messages at priority notice (5) and every more severe level; the LOG rule above uses --log-level 6 (info), so its messages would not reach this file unless the selector is widened to kern.info (or kern.*) or the rule's level is raised to notice.

Restart the logging service:
/etc/init.d/rsyslog restart
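To check the two settings against each other before restarting rsyslog, the following POSIX shell script (an added example, not from the original post) extracts the --log-level from a LOG rule and the priority from a kern.<priority> selector and reports whether the selector would route the rule's messages, applying the classic syslog rule that a selector matches its own priority and every more severe one. The function names and the constructed IPTABLES_RULE and RSYSLOG_LINE strings are assumptions; the fallback to warning (4) when --log-level is absent follows the iptables LOG default.

```shell
#!/bin/sh
# Added example (not from the original post): check whether an rsyslog "kern.<prio>"
# selector will receive messages emitted by an iptables LOG rule at its --log-level.
# The inputs are constructed copies of the relevant lines from
# /etc/sysconfig/iptables and /etc/rsyslog.conf.

IPTABLES_RULE='-A INPUT -j LOG --log-prefix "curious_log " --log-level 6'
RSYSLOG_LINE='kern.notice                        /server/logs/iptables/iptables.log'

# Map a syslog priority keyword (or digit) to its number; 0 is the most severe.
prio_num() {
    case "$1" in
        emerg|panic)  echo 0 ;;
        alert)        echo 1 ;;
        crit)         echo 2 ;;
        err|error)    echo 3 ;;
        warning|warn) echo 4 ;;
        notice)       echo 5 ;;
        info)         echo 6 ;;
        debug)        echo 7 ;;
        [0-7])        echo "$1" ;;
        *) echo "unknown priority: $1" >&2; return 1 ;;
    esac
}

# Numeric level of a LOG rule; iptables defaults to warning (4) when none is given.
rule_level() {
    lvl=$(printf '%s\n' "$1" | sed -n 's/.*--log-level[[:space:]]*\([^[:space:]]*\).*/\1/p')
    prio_num "${lvl:-warning}"
}

# Threshold of a "kern.<prio>" selector: "*" accepts everything (up to debug, 7),
# "=<prio>" accepts exactly one priority, anything else is an upper bound.
selector_threshold() {
    sel=$(printf '%s\n' "$1" | sed -n 's/^kern\.\([^[:space:]]*\).*/\1/p')
    case "$sel" in
        '*') echo 7 ;;
        =*)  echo "=$(prio_num "${sel#=}")" ;;
        *)   prio_num "$sel" ;;
    esac
}

# Returns 0 when the selector routes the rule's messages, 1 when it silently misses them.
selector_catches() {
    lvl=$(rule_level "$1") || return 2
    thr=$(selector_threshold "$2") || return 2
    case "$thr" in
        =*) [ "$lvl" -eq "${thr#=}" ] ;;
        *)  [ "$lvl" -le "$thr" ] ;;
    esac
}

if selector_catches "$IPTABLES_RULE" "$RSYSLOG_LINE"; then
    echo "selector routes the LOG rule output"
else
    echo "mismatch: rule logs at priority $(rule_level "$IPTABLES_RULE"), selector threshold $(selector_threshold "$RSYSLOG_LINE")"
fi
```

Run against the lines shown in this post it reports a mismatch (priority 6 against a threshold of 5); changing either side, kern.info on the rsyslog side or --log-level notice on the iptables side, makes it pass.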
