On Tuesday 20 March 2012 09:14 PM, Jamie Strandboge wrote:
> It isn't ufw that is doing the logging, it is the kernel via netfilter.
> As such, logged policy violations cannot be removed by ufw. For kern.log,
> it is up to your syslog to put the messages where you want. With
> standard syslog, there isn't really much you can do because netfilter
> denials are logged at a priority that you would probably want to
> otherwise see in your kern.log. ufw ships a sample configuration file
> for use with rsyslog (see /etc/rsyslog.d/20-ufw.conf) that allows you to
> log messages to /var/log/ufw.log.
>
> To remove the messages from dmesg, your only choice is to reduce your
> logging level ('man ufw') or to add explicit allow/deny rules which
> won't be logged.

Can't the default setting be changed to not log violations when ufw's
logging level is set to 'low'?

You leave me with no choice: I certainly don't want to disable logging
completely, and setting 'low', which includes policy violations, floods
the kernel log buffer.

I'm not much concerned about kern.log. But I don't want the kernel log
buffer flooded. Imagine server machines where root file systems are on
remote devices. If you flooded the log buffer with useless packet
violations - by default, and with no write access to root fs, kiss your
invaluable logs goodbye.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System