Monday, February 5, 2007

How to add logging for iptables using the /etc/sysconfig/iptables?

Solution:

The following rule can be added to the /etc/sysconfig/iptables to add syslog
logging:
-A RH-Firewall-1-INPUT -j LOG

The example above adds logging within the default RH-Firewall-1-INPUT chain. The LOG rule would normally be placed near the end of the chain, just before the rule that drops or rejects everything else, so that only packets no earlier rule accepted are logged. LOG is a non-terminating target: after the packet is logged, it continues to the next rule, which is what lets the final DROP still apply.

After adding this rule, restart iptables with the command: # service iptables restart

Here is an example of an iptables configuration with logging:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
#default
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#ssh
-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
#http
-A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 443 -j ACCEPT
#log
-A RH-Firewall-1-INPUT -j LOG
#drop all other packets
-A RH-Firewall-1-INPUT -j DROP
COMMIT
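As an added check (not part of the original post), the following POSIX shell script verifies that a LOG rule in the RH-Firewall-1-INPUT chain sits before the chain's catch-all DROP/REJECT rule, which is the placement described above, and notes when the LOG rule has no rate limiting (-m limit). It runs against a constructed sample ruleset modelled on the configuration above; on a real system the path would be /etc/sysconfig/iptables.

```shell
#!/bin/sh
# check_log_before_drop FILE [CHAIN]: verify FILE (iptables-save format) has a
# "-j LOG" rule in CHAIN placed before CHAIN's catch-all DROP/REJECT rule.
# Exit status: 0 = ordering correct, 1 = no LOG rule,
#              2 = no catch-all DROP/REJECT, 3 = LOG comes after the catch-all.
check_log_before_drop() {
    file="$1"
    chain="${2:-RH-Firewall-1-INPUT}"
    # First LOG rule in the chain (line number, empty if none).
    log_line=$(grep -n -- "^-A $chain .*-j LOG" "$file" | head -n 1 | cut -d: -f1)
    # Catch-all rule has no match options: "-A <chain> -j DROP" or "-j REJECT ...".
    drop_line=$(grep -nE -- "^-A $chain -j (DROP|REJECT)( |$)" "$file" | tail -n 1 | cut -d: -f1)
    [ -n "$log_line" ]  || { echo "$file: no LOG rule in $chain"; return 1; }
    [ -n "$drop_line" ] || { echo "$file: no catch-all DROP/REJECT in $chain"; return 2; }
    if [ "$log_line" -gt "$drop_line" ]; then
        echo "$file: LOG rule (line $log_line) is after the catch-all (line $drop_line)"
        return 3
    fi
    # An unlimited LOG rule can flood syslog under a packet storm; warn only.
    sed -n "${log_line}p" "$file" | grep -q -- '-m limit' \
        || echo "$file: note: LOG rule has no -m limit rate limiting"
    echo "$file: LOG rule (line $log_line) precedes catch-all (line $drop_line)"
    return 0
}

# write_sample_rules FILE good|bad: constructed sample ruleset (not a real
# system file) modelled on the post's example; "bad" puts LOG after DROP.
write_sample_rules() {
    file="$1"; order="$2"
    {
        echo '*filter'
        echo ':INPUT ACCEPT [0:0]'
        echo ':RH-Firewall-1-INPUT - [0:0]'
        echo '-A INPUT -j RH-Firewall-1-INPUT'
        echo '-A RH-Firewall-1-INPUT -i lo -j ACCEPT'
        echo '-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT'
        if [ "$order" = good ]; then
            echo '-A RH-Firewall-1-INPUT -j LOG'
            echo '-A RH-Firewall-1-INPUT -j DROP'
        else
            echo '-A RH-Firewall-1-INPUT -j DROP'
            echo '-A RH-Firewall-1-INPUT -j LOG'
        fi
        echo 'COMMIT'
    } > "$file"
}

# Demo on the constructed samples; a real run would pass /etc/sysconfig/iptables.
write_sample_rules /tmp/rules-good.txt good; write_sample_rules /tmp/rules-bad.txt bad
check_log_before_drop /tmp/rules-good.txt || true
check_log_before_drop /tmp/rules-bad.txt || true
```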

Warning:
It is best to have physical access to the machine and also perform thorough testing of these rules in a test environment when modifying iptables rules, as there is the potential of blocking all traffic.
