When using iptables to log, you generally use a ‘LOG’ rule followed by a DROP, to log and then drop:
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
LOG has some disadvantages though. Using LOG, information will fill up the output of the ‘dmesg’ command as well as the kern.log file. Using Debian Etch, I was unable to get iptables to log to any other file but kern.log.
A better solution is ULOG, which hands the packets to a userspace daemon (ulogd) that can write them wherever you configure. (Note that the ULOG target was removed from the kernel in 3.17 in favour of NFLOG; ulogd 2 consumes NFLOG in the same way.)
You can clear your dmesg output with ‘dmesg -c’
apt-get install ulogd
iptables -N DROPLOG
iptables -A DROPLOG -m limit --limit 2/hour -j ULOG --ulog-nlgroup 1 --ulog-qthreshold 20
iptables -A DROPLOG -j REJECT
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -j DROPLOG
This will log and then reject all incoming traffic on eth0 except TCP port 22. Two things to be aware of: the limit match caps logging at 2 entries per hour after an initial burst of 5 (the default --limit-burst), so during a scan most rejected packets will never be logged; and --ulog-qthreshold 20 makes the kernel queue 20 packets before handing them to ulogd, so entries can show up with a delay.
You shouldn’t need to edit /etc/ulogd.conf, but you might want to check it out.
All information should get logged to /var/log/ulog/syslogemu.log
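To get something useful out of that file, here is an added example (not from the original post) that summarises the log with awk: how many rejected packets came from each source address to each destination port, and how many distinct sources were seen. The sample lines are constructed for this example, modelled on the kernel LOG key=value format that ulogd's LOGEMU output emulates; the hostname and addresses are illustrative.

```shell
#!/bin/sh
# Added example: summarise rejected packets from a ULOG/LOGEMU log by
# source address and destination port. The sample lines below are
# CONSTRUCTED for this example, modelled on the kernel LOG key=value
# format that ulogd's LOGEMU output emulates; they are not real log output.

SAMPLE_LOG='Nov 14 08:00:01 etch  IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=51234 DPT=23 SEQ=1 ACK=0 WINDOW=5840 SYN URGP=0
Nov 14 08:00:02 etch  IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=4322 DF PROTO=TCP SPT=51235 DPT=23 SEQ=1 ACK=0 WINDOW=5840 SYN URGP=0
Nov 14 08:00:03 etch  IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=4323 DF PROTO=TCP SPT=51236 DPT=3389 SEQ=1 ACK=0 WINDOW=5840 SYN URGP=0
Nov 14 08:05:10 etch  IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TOS=00 PREC=0x00 TTL=110 ID=9 PROTO=UDP SPT=137 DPT=137 LEN=58'

# Print "count source dport" for every (SRC, DPT) pair, busiest first.
# Reads the file(s) given as arguments, or stdin when none are given.
summarize_ulog() {
    awk '{
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "" && dpt != "") counts[src " " dpt]++
    }
    END { for (k in counts) print counts[k], k }' "$@" | sort -rn
}

# Print the number of distinct source addresses seen, a cheap
# "how many hosts are probing me" figure.
count_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) seen[substr($i, 5)] = 1 }
         END { n = 0; for (s in seen) n++; print n }' "$@"
}

# Stand-alone demo on the constructed sample; in practice point the
# functions at /var/log/ulog/syslogemu.log instead.
printf '%s\n' "$SAMPLE_LOG" | summarize_ulog
printf '%s\n' "$SAMPLE_LOG" | count_sources
```

Run it as `summarize_ulog /var/log/ulog/syslogemu.log` once the chain above is in place; remember that with `--limit 2/hour` the counts understate the real traffic, so the output is better read as "who is knocking" than as a packet count.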