i log all the traffic from the iptables - commands like "iptables -A INPUT -j LOG --log-level debug". I use similar commands to log the output, forward etc. in iptables. Also in the syslog.config i specify where to save save the logs - "kern.=debug /var/log/iptables" for example and i set the log rotate how often to rotate the logs. debug level will log everything but it needs a lot of disk space and more often rotation - you can use lighter log level
Pages 1