
#1 2013-02-11 18:27:13

scar
Member
From: Hungary
Registered: 2009-10-01
Posts: 442

[SOLVED] shorewall logging / dmesg flooded...

Hello, I've configured a smaller router with shorewall,
and I have a problem there:

The thing is, that something is flooding dmesg, it is full of messages from all sorts of traffic info.
It is not really what I wanted, because the whole system is running from a CF card, so I'm trying to minimize disk i/o activity.

In "/etc/shorewall.conf" I've left the original LOGFILE=/var/log/messages, as I use systemd - so the file does not exist.

( If I type:

#shorewall show log

the output is:

LOGFILE (/var/log/messages) does not exist! )

The problem is, that something (the kernel or iptables or shorewall?) outputs all the traffic to dmesg, and it is logged in the systemd journal.

example line:

febr 11 19:19:27 router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=xxx.yyy.zzz.www DST= blah...

How can I eliminate this?

[edit:

I've already tried to look around at shorewall's, the related page is nonexistent...: http://www.shorewall.net/shorewall_logging.html ]

Last edited by scar (2016-12-06 18:45:12)


“The future has already arrived. It's just not evenly distributed yet.”
― William Gibson

Offline

#2 2013-02-12 12:13:49

-Syu
Member
Registered: 2012-01-24
Posts: 29

Re: [SOLVED] shorewall logging / dmesg flooded...

If the problem is that the firewall logs too much, then configure it to log less.
You could also put a second firewall in front of the first one, so the first one doesn't get much traffic to log. (Just kidding ;) )

That link you posted misses an L. I think you were looking for this: http://www.shorewall.net/shorewall_logging.html

Offline

#3 2013-02-13 08:38:12

scar
Member
From: Hungary
Registered: 2009-10-01
Posts: 442

Re: [SOLVED] shorewall logging / dmesg flooded...

The problem is solved, I think.

First of all, I've already set the loglevel to -1, that means no logging at all.
I still had some DROP messages in dmesg/journal, so I looked around a bit - the reason for that was in /etc/shorewall/policy.
There is a log level column, and by default there were some lines with "info" in them.
So, if you have this kind of problem, just delete the whole loglevel column.



Offline
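
The check described in post #3, written as a script. This is an added example, not something posted in the thread: it lists the entries of a Shorewall policy file whose log level column is set, which are the ones that produce kernel messages such as `Shorewall:net2fw:DROP:`. The sample policy is constructed, the function names are hypothetical, and the column order SOURCE DEST POLICY LOGLEVEL with one entry per line is assumed.

```shell
#!/bin/sh
# Added example: find policy entries that still have a log level set.
# Assumption: columns are SOURCE DEST POLICY LOGLEVEL, one entry per line.

# Constructed sample policy file (not taken from the thread).
sample_policy() {
cat <<'EOF'
#SOURCE  DEST  POLICY  LOGLEVEL
loc      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info   # catch-all
fw       net   ACCEPT  -
EOF
}

# policy_log_entries [FILE]
# Reads FILE (or stdin when no argument is given) and prints one line per
# logging policy in the form "lineno:source:dest:policy:loglevel".
policy_log_entries() {
    awk '
        { sub(/#.*/, "") }        # drop comments, fields are re-split
        $1 ~ /^[?]/ { next }      # skip directives such as ?SECTION
        NF < 4      { next }      # no fourth column: nothing is logged
        $4 == "-"   { next }      # "-" marks an empty column
        { printf "%d:%s:%s:%s:%s\n", NR, $1, $2, $3, $4 }
    ' "${1:--}"
}

# Demo on the constructed sample.
sample_policy | policy_log_entries
```

On the router itself the call would be `policy_log_entries /etc/shorewall/policy`; an empty result means no policy entry is logging any more.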
