You are not logged in.

#1 2013-02-11 18:27:13

scar
Member
From: Hungary
Registered: 2009-10-01
Posts: 411

[SOLVED] shorewall logging / dmesg flooded...

Hello, I've configured a smaller router with shorewall,
and I have a problem there:

The thing is, that something is flooding dmesg, it is full of messages from all sorts of traffic info.
It is not really what I wanted, because the whole system is running from a CF card, so I'm trying to minimize disk i/o activity.

In "/etc/shorewall.conf" I've left the original LOGFILE=/var/log/messages, as I use systemd - so the file does not exist.

( If I type:

#shorewall show log

the output is:

LOGFILE (/var/log/messages) does not exist! )

The problem is, that something (the kernel or iptables or shorewall?) outputs all the traffic to dmesg, and it is logged in the systemd journal.

example line:

febr 11 19:19:27 router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=xxx.yyy.zzz.www DST= blah...

How can I eliminate this?

[edit:

I've already tried to look around at shorewall's, the related page is nonexistent...: http://www.shorewall.net/shorewall_logging.htm ]

Last edited by scar (2013-02-13 08:38:36)


“The future has already arrived. It's just not evenly distributed yet.”
― William Gibson

Offline

#2 2013-02-12 12:13:49

-Syu
Member
Registered: 2012-01-24
Posts: 29

Re: [SOLVED] shorewall logging / dmesg flooded...

If the problem is that the firewall logs too much, then configure it to log less.
You could also put a second firewall in front of the first one, so the first one doesn't get much traffic to log. (Just kidding wink  )

That link you posted misses an L. I think you were lookiing for this: http://www.shorewall.net/shorewall_logging.html

Offline

#3 2013-02-13 08:38:12

scar
Member
From: Hungary
Registered: 2009-10-01
Posts: 411

Re: [SOLVED] shorewall logging / dmesg flooded...

The problem is solved, I think.

First of all, I've already set the loglevel to -1, that means no logging at all.
I still had some DROP messages in dmesg/journal, so looked around a bit - the reason for that was in /etc/shorewall/policy.
there is a log level column, and by default there were some lines with "info" in them.
So, if you have this kind of problem, just delete the whole loglevel column.


“The future has already arrived. It's just not evenly distributed yet.”
― William Gibson

Offline

Board footer

Powered by FluxBB