It is a good idea to place a log chain just above your drop or reject rule and usually you would do a
-A INPUT -j LOG
The above rule can cause flooding your system. You should instead use the following iptables rule to avoid your logs being flooded and DDOS’ing
-A INPUT -m limit –-limit 10/second –-limit-burst 20 -j LOG –-log-level 4 –-log-prefix "DROP_INPUT: "