比如iptables本来有这么一条:
-A PREROUTING -d 125.65.27.xxx/32 -p tcp -m tcp --dport 11060 -j DNAT --to-destination 10.1.104.41:911
要将符合该条记录的封包的信息记录到syslog
需要在之前插入一条:
iptables -t nat -I PREROUTING 1 -d 125.65.27.xxx -p tcp -m tcp --dport 11060 -j LOG --log-prefix "[iptables 911:] " --log-level 7
log level 分类
log level to any level you want. The levels are, 0 emerg, 1 alert, 2 crit, 3 err, 4 warning, 5 notice, 6 info, 7 debug. You can use the number or the word in the rule.