On Tuesday 20 March 2012 09:14 PM, Jamie Strandboge wrote:
> It isn't ufw that is doing the logging, it is the kernel via netfilter.
> As such, logged policy violations cannot be removed by ufw. For kern.log,
> it is up to your syslog to put the messages where you want. With
> standard syslog, there isn't really much you can do because netfilter
> denials are logged at a priority that you would probably want to
> otherwise see in your kern.log. ufw ships a sample configuration file
> for use with rsyslog (see /etc/rsyslog.d/20-ufw.conf) that allows you to
> log messages to /var/log/ufw.log.
> 
> To remove the messages from dmesg, your only choice is to reduce your
> logging level ('man ufw') or to add explicit allow/deny rules which
> won't be logged.

Can't the default setting be changed to not log violations when ufw's
logging level is set to 'low'? You leave me with no choice: I certainly
don't want to disable logging completely and setting 'low', which
includes policy violations, floods the kernel log buffer.

I'm not much concerned about kern.log. But I don't want the kernel log
buffer flooded. Imagine server machines where root file systems are on
remote devices. If you flooded the log buffer with useless packet
violations - by default, and with no write access to root fs, kiss your
invaluable logs goodbye.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System
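
The quoted reply says explicit allow/deny rules are not logged. The following is an added example, not part of the original thread and not ufw's own code. It measures how much of a dmesg capture is taken up by "[UFW BLOCK]" entries and proposes explicit deny rules for the noisiest destination ports. The sample lines, the function names and the min_hits threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `dmesg` output (addresses are documentation ranges).
SAMPLE_DMESG = """\
[  100.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=244 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 SYN URGP=0
[  100.500002] sd 0:0:0:0: [sda] Attached SCSI disk
[  101.000003] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.6 DST=192.0.2.10 LEN=40 TTL=240 PROTO=TCP SPT=40002 DPT=23 WINDOW=1024 SYN URGP=0
[  102.000004] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=129 TTL=64 PROTO=UDP SPT=50000 DPT=1900 LEN=109
[  103.000005] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TTL=238 PROTO=TCP SPT=40003 DPT=23 WINDOW=1024 SYN URGP=0
[  104.000006] EXT4-fs (sda1): mounted filesystem with ordered data mode
[  105.000007] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.8 DST=192.0.2.10 LEN=129 TTL=64 PROTO=UDP SPT=50001 DPT=1900 LEN=109
[  106.000008] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=52 TTL=115 PROTO=TCP SPT=40004 DPT=445 WINDOW=8192 SYN URGP=0
[  107.000009] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
"""

# netfilter LOG entries are space-separated KEY=value pairs (value may be empty).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def summarize(text):
    """Return (total_lines, ufw_block_lines, Counter keyed by (dport, proto))."""
    lines = [l for l in text.splitlines() if l.strip()]
    noisy, blocked = Counter(), 0
    for line in lines:
        if "[UFW BLOCK]" not in line:
            continue
        blocked += 1
        fields = dict(FIELD.findall(line))
        # Only TCP/UDP entries carry a destination port; ICMP is counted but not keyed.
        if fields.get("PROTO") in ("TCP", "UDP") and fields.get("DPT", "").isdigit():
            noisy[(int(fields["DPT"]), fields["PROTO"].lower())] += 1
    return len(lines), blocked, noisy

def suggest_rules(noisy, min_hits=2):
    """Explicit deny rules for ports seen at least min_hits times (assumed threshold)."""
    return [f"ufw deny {port}/{proto}"
            for (port, proto), hits in noisy.most_common() if hits >= min_hits]

if __name__ == "__main__":
    total, blocked, noisy = summarize(SAMPLE_DMESG)
    print(f"{blocked}/{total} ring-buffer lines are UFW BLOCK entries")
    for rule in suggest_rules(noisy):
        print(rule)
```

On a live system the input would be the output of dmesg rather than the embedded sample; review each suggested rule before applying it.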
