I log all dropped packets using the following iptables rule:
-A INPUT -j LOG --log-prefix "FW_DROP: " --log-level 7
and then in rsyslog.conf, I redirect this output to a separate file, so that my syslog is not flooded:
:msg, contains, "FW_DROP" -/var/log/firewall.log
& ~
This works for syslog, but my dmesg still gets flooded with the fw messages, which drives me crazy. Would anybody know how to prevent this?
Sorry, no. All logged messages are viewable with dmesg in the order in which they were received, subject to the size of its ring buffer. If you need to view recent log entries, without seeing firewall logs, use the actual logs where the entries are being stored.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.