Linux – firewall output flooding dmesg

kernellinuxrsyslog

I log all dropped packets using following iptables rule:

-A INPUT -j LOG --log-prefix "FW_DROP: " --log-level 7

and then in rsyslog.conf, I redirect this output to a separate file, so that my syslog is not flooded

:msg, contains, "FW_DROP" -/var/log/firewall.log
& ~

This works for syslog, but my dmesg still gets flooded with the fw messages, which drives me crazy. Would anybody know how to prevent this?

Best Answer

Sorry, no. All logged messages are viewable with dmesg in the order in which they were received, subject to the size of its ring buffer. If you need to view recent log entries, without seeing firewall logs, use the actual logs where the entries are being stored.

Related Solutions

Linux Bash – How to Sort du -h Output by Size

As of GNU coreutils 7.5 released in August 2009, sort allows a -h parameter, which allows numeric suffixes of the kind produced by du -h:

du -hs * | sort -h

If you are using a sort that does not support -h, you can install GNU Coreutils. E.g. on an older Mac OS X:

brew install coreutils
du -hs * | gsort -h

From sort manual:

-h, --human-numeric-sort compare human readable numbers (e.g., 2K 1G)

Iptables – Remove Iptables log from kern.log syslog messages

I'm not sure where the & ~ comes from, but at least the following should perform what you want:

# Iptables
:msg,contains,"IPT IN/DP: " -/var/log/iptables.log
:msg,contains,"IPT6 IN/DP: " -/var/log/iptables.log
:msg,contains,"IPT IN/DP: " ~
:msg,contains,"IPT6 IN/DP: " ~

Maybe not most elegant, but a similar config seems to work for me.

Best Answer

Related Solutions

Linux Bash – How to Sort du -h Output by Size

Iptables – Remove Iptables log from kern.log syslog messages

Related Topic