I have the following configuration in my iptables and syslog files:
IPTABLES
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
SYSLOG-NG
destination d_iptables { file("/var/log/iptables/iptables.log"); };
filter f_iptables { facility(kern) and match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
filter f_messages { level(info,notice,warn) and
not facility(auth,authpriv,cron,daemon,mail,news) and not
filter(f_iptables); };
log { source(s_src); filter(f_iptables); destination(d_iptables); };
I restart syslog-ng and the log is not written.
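Added illustration, not part of the original post: a small Python model of iptables first-match traversal over the posted INPUT chain. An unconditional `-j DROP` ends traversal for every packet that reaches it, so the LOG rule placed after it can never fire; the same chain with the LOG rule moved above the DROP produces a log hit and then drops. The model deliberately ignores `-m limit` and the chain policy (assumptions, not a full iptables emulation).

```python
import re

# Constructed copy of the poster's INPUT chain, rule by rule, in the order given.
POSTED_CHAIN = [
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 222 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT",
    "-A INPUT -j DROP",
    '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7',
]

# Targets that stop traversal of the chain; LOG is non-terminal and falls through.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(rule):
    """Return (match criteria, target). Only -p, --dport and --state are modeled;
    -m limit is ignored on purpose (assumption: rate limiting is not the issue here)."""
    target = re.search(r"-j (\S+)", rule).group(1)
    matches = {}
    if (p := re.search(r"-p (\S+)", rule)):
        matches["proto"] = p.group(1)
    if (d := re.search(r"--dport (\d+)", rule)):
        matches["dport"] = int(d.group(1))
    if (s := re.search(r"--state (\S+)", rule)):
        matches["state"] = set(s.group(1).split(","))
    return matches, target

def walk(chain, pkt):
    """Simulate first-match traversal for one packet; return the targets it hits in order."""
    hits = []
    for rule in chain:
        matches, target = parse(rule)
        if "proto" in matches and matches["proto"] != pkt["proto"]:
            continue
        if "dport" in matches and matches["dport"] != pkt["dport"]:
            continue
        if "state" in matches and pkt["state"] not in matches["state"]:
            continue
        hits.append(target)
        if target in TERMINAL:
            break
    return hits  # empty list means the chain policy would apply

def unreachable(chain):
    """Indexes of rules that sit after an unconditional terminal rule (dead rules)."""
    for i, rule in enumerate(chain):
        matches, target = parse(rule)
        if not matches and target in TERMINAL:
            return list(range(i + 1, len(chain)))
    return []

# Same rules, with the LOG rule moved above the catch-all DROP.
FIXED_CHAIN = POSTED_CHAIN[:4] + [POSTED_CHAIN[5], POSTED_CHAIN[4]]
```

With the posted order, `unreachable(POSTED_CHAIN)` reports the LOG rule as dead and a new connection to a closed port hits only `DROP`; with `FIXED_CHAIN` the same packet hits `LOG` and then `DROP`, which is what syslog-ng's `f_iptables` filter is waiting for.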