On Tuesday 20 March 2012 09:14 PM, Jamie Strandboge wrote:
> It isn't ufw that is doing the logging, it is the kernel via netfilter.
> As such, logged policy vilations cannot be removed by ufw. For kern.log,
> it is up to your syslog to put the messages where you want. With
> standard syslog, there isn't really much you can do because netfilter
> denials are logged at a priority that you would probably want to
> otherwise see in your kern.log. ufw ships a sample configuration file
> for use with rsyslog (see /etc/rsyslog.d/20-ufw.conf) that allows you to
> log messages to /var/log/ufw.log.
>
> To remove the messages from dmesg, your only choice is to reduce your
> logging level ('man ufw') or to add explicit allow/deny rules which
> won't be logged.Can't the default setting be changed to not log violations when ufw's logging level is set to 'low'? You leave me with no choice: I certainly don't want to disable logging completely and setting 'low', which includes policy violations, floods the kernel log buffer. I'm not much concerned about kern.log. But I don't want the kernel log buffer flooded. Imagine server machines where root file systems are on remote devices. If you flooded the log buffer with useless packet violations - by default, and with no write access to root fs, kiss your invaluable logs good bye. -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System
signature.asc
Description: OpenPGP digital signature
