Hi!

> I'm trying to rid myself of annoying iptables messages that are clogging up
> the console and dmesg. To my firewall script I've added:

Well, dmesg just reads the kernel's debugging ringbuffer, where _every_ printk() the kernel issues is recorded. You can't keep messages from appearing there, you can just prevent that they travel any further. :-)

> echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid

Hm, didn't even know that toggle - however, it already is 0 here, so I guess that's the default...

> And to sysklogd:
>
> KLOGD="-c 4"

This will keep iptables log messages (which default to log-level warning, i.e. 4, but see the --log-level option in the manpage) from appearing on the console. However, those messages are still forwarded to the syslog facility, unless you've told klogd to behave differently (see the -f switch). What sysklogd then does with them is dictated by /etc/syslog.conf(5) - incoming messages from klogd are given facility "kernel" (as you might have guessed ;-) ), and the priority given by the kernel is just passed through.

> The console messages seem to be gone, but dmesg is still clogged with iptables
> junk.

You can't change that. I'd suggest you use another source of information: by customizing syslog.conf you should be able to extract every possible subset of logging messages pretty comfortably.

HTH,

Jan

--
Jan C. Nordholz
<jckn At gmx net>
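One way to act on the syslog.conf suggestion in the reply above, as an added example that is not part of the original message. It assumes sysklogd's selector syntax, a firewall script that logs at level debug, and log file names chosen here for illustration.

```conf
# /etc/syslog.conf fragment for sysklogd (added example; file names are assumptions).
#
# Assumes the firewall script gives its LOG rules their own level and prefix,
# for instance (constructed rule, adapt to your own chains):
#   iptables -A INPUT -j LOG --log-level debug --log-prefix "fw-drop: "
# klogd then hands those lines to syslogd as facility kern, priority debug (7).
# With KLOGD="-c 4" they stay off the console, since 7 is not below 4.

# Kernel messages of exactly priority debug: the netfilter LOG output.
# Other kernel code that logs at debug lands here too; the --log-prefix
# string is what tells the firewall lines apart.
# The leading "-" tells syslogd not to sync the file after every line.
kern.=debug                     -/var/log/iptables.log

# Every other kernel message, with priority debug excluded.
kern.*;kern.!=debug             -/var/log/kern.log
```

Catch-all selectors elsewhere in the file still match kern.debug unless kern is excluded there as well (for example with `kern.none`), and syslogd has to be restarted or sent SIGHUP to pick up the change.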