Re: how to log iptables
Linux kernel used to log via kernel logging facility catched by some
userspace (syslog) daemon. Legacy is syslogd+klogd of package syslog,
but you may consider to install version syslog-ng (which does not split into
2 the same way) to have more userspace filtering, like regular expressions.
Also, the legacy syslog package didn't get any significant improvements
since long, with old bugs getting fixed only slow, if at all.
You can also influence the kernel default logging defaults by 'printk' value,
which is mainly about the way messages should appear on (stdout) console,
but maybe that was improved meanwhile. It's configurable at boottime via
/etc/sysctl.conf, if you install the 'procps' package.
You probably need to the 'procps' and 'sysctl' options set to yes, in the kernel
I just see there's a /usr/src/linux/Documentation/sysctl/kernel.txt which
possibly could tell you more about this.
And ultimatively, since 2.4.something, there's ulogd which needs the according
setting in the kernel (netfilter) configuration:
This option enables the old IPv4-only "ipt_ULOG" implementation
which has been obsoleted by the new "nfnetlink_log" code (see
This option adds a `ULOG' target, which allows you to create rules in
any iptables table. The packet is passed to a userspace logging
daemon using netlink multicast sockets; unlike the LOG target
which can only be viewed through syslog.
The apropriate userspace logging daemon (ulogd) may be obtained from
The package is availabe in debian Sid (unstable).