iptables logging doesn't log

iptables

I'm trying to log any requests to port 22 into my syslog, so I have following line in my iptables:

LOG        tcp  --  anywhere             anywhere            tcp dpt:ssh LOG level debug

yet, when I ssh in, nothing gets logged. I'm using RHEL6 (6.2)

Any ideas why?


I've used the following to log new connections to port 22

iptables -I INPUT -p tcp -m tcp --dport 22 -m state --state NEW  -j LOG --log-level 1 --log-prefix "New Connection "

This rule only logs new connections to port 22. It logs to /var/log/messages on the CentOS box I have to hand

Nov 8 16:20:54 centos6 kernel: New Connection IN=eth0 OUT= MAC=00:0c:29:d2:2c:38:00:0c:29:fe:8e:bb:08:00 SRC=192.168.1.73 DST=192.168.254.188 LEN=52 TOS=0x00 PREC=0x00 TTL=126 ID=9880 DF PROTO=TCP SPT=63861 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0

Note that iptables actions rules in the order they are defined so if you used iptables -A to add your rule to an existing ruleset then it's possible that packets are being accepted or denied by an earlier rule and your log action is never erm actioned.

Related

Server 2012 Core (no GUI): Remote Server manager not working
Security permissions for remote shared folders
Is our planned backup strategy adequate for my new server insfrastructure?
Linux Startup Script + add one command
Postfix: virtual_alias_maps delivering everything to one user despite new domain
Awaken monit daemon every few hours for all monitored processes
How to change Volumegroup PE size
GCE : health check and Liveness Probe
How to secure a windows 2008 server
How does this [t]ricky bracket expression in grep work?
How to run Terminal as root?
How can I check Internet connectivity in a console?