nftables Logs on Alpine Linux

By chimo

If your nftables “log” action isn’t logging traffic on Alpine Linux, it may be because sysklogd’s kernel log daemon, klogd, isn’t running:

# Install the init script
root@logic-b0mb:~# apk add sysklogd-openrc
# Make it start at boot
root@logic-b0mb:~# rc-update add klogd boot
# Start it now
root@logic-b0mb:~# rc-service klogd start

Woo!

root@logic-b0mb:~# tail -n 3 /var/log/messages
May 27 17:24:14 logic-b0mb kern.warn kernel: [ 6072.309129] rej-in: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.xx.xx DST=192.168.xx.xx LEN=160 TOS=0x00 PREC=0x00 TTL=64 ID=22361 DF PROTO=UDP SPT=36150 DPT=514 LEN=140 
May 27 17:24:30 logic-b0mb kern.warn kernel: [ 6088.276676] rej-in: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.xx.xx DST=192.168.xx.xx LEN=56 TOS=0x00 PREC=0x00 TTL=64 ID=23582 DF PROTO=UDP SPT=33654 DPT=3478 LEN=36 
May 27 17:24:37 logic-b0mb kern.warn kernel: [ 6095.330465] rej-in: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.xx.xx DST=192.168.xx.xx LEN=160 TOS=0x00 PREC=0x00 TTL=64 ID=23656 DF PROTO=UDP SPT=44940 DPT=514 LEN=140
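
Once the entries are arriving, a quick tally shows what the firewall is actually rejecting. The script below is an added example, not part of the original post: it counts log lines by protocol and destination port. The function names and the sample lines are constructed for illustration; the `rej-in:` prefix is the one visible in the output above.

```sh
#!/bin/sh
# Added example: tally nftables log lines by protocol and destination port.
# Function names and sample lines are constructed for illustration.

# summarize_rejects PREFIX [FILE...]
# Keeps kernel syslog lines containing PREFIX and prints "count proto/dport",
# highest count first. Reads stdin when no FILE is given.
summarize_rejects() {
    prefix=$1
    shift
    awk -v prefix="$prefix" '
        # Skip anything that is not a kernel line with our log prefix
        index($0, "kernel:") == 0 || index($0, prefix) == 0 { next }
        {
            proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/)    proto = substr($i, 7)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (proto == "") next
            # ICMP and other portless protocols carry no DPT field
            key = (dpt == "") ? proto : proto "/" dpt
            count[key]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample in the format shown above (documentation addresses)
sample_log() {
    cat <<'EOF'
May 27 17:24:14 host kern.warn kernel: [ 6072.309129] rej-in: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=160 TTL=64 ID=22361 DF PROTO=UDP SPT=36150 DPT=514 LEN=140
May 27 17:24:20 host auth.info sshd[811]: Connection closed by 192.0.2.10 port 50022
May 27 17:24:30 host kern.warn kernel: [ 6088.276676] rej-in: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 LEN=56 TTL=64 ID=23582 DF PROTO=UDP SPT=33654 DPT=3478 LEN=36
May 27 17:24:33 host kern.warn kernel: [ 6091.100000] rej-in: IN=eth0 OUT= SRC=192.0.2.12 DST=192.0.2.1 LEN=84 TTL=64 ID=100 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
May 27 17:24:35 host kern.warn kernel: [ 6093.000000] other: IN=eth0 OUT= SRC=192.0.2.13 DST=192.0.2.1 LEN=60 TTL=64 ID=5 DF PROTO=TCP SPT=40000 DPT=23
May 27 17:24:37 host kern.warn kernel: [ 6095.330465] rej-in: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=160 TTL=64 ID=23656 DF PROTO=UDP SPT=44940 DPT=514 LEN=140
EOF
}

sample_log | summarize_rejects "rej-in:"
```

To run it against the real log, pass the file as a second argument: `summarize_rejects "rej-in:" /var/log/messages`.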