
Re: Kernel logging firestarter events to syslog and console



Anthony Simonelli wrote:
> Hey there, just upgraded to kernel image 2.6.8-3-686 and now all of the
> blocked connections from firestarter are logged in syslog and displayed at
> the console such as the following:
>
> Mar 27 21:25:25 debian kernel: ABORTED IN=wlan0 OUT=
> MAC=00:0f:66:a1:89:28:00:12:17:27:5b:71:08:00 SRC=167.104.0.82
> DST=192.168.1.103 LEN=40 TOS=0x00 PREC=0x20 TTL=48 ID=34256 PROTO=TCP SPT=443
>
> I can't do anything on the command line because I get one of these every five
> seconds, not to mention it's making my system logs too large and full of
> non-critical info since it is blocking packets from all of the workstations
> on my LAN.
>
> How do I stop this?

There are two aspects: One is how often and at what log level your
firewall logs to syslog, and the other one is at what log level syslog
starts to echo messages to the console. The latter can be controlled by
adjusting the kernel's "printk" parameter:

http://lists.debian.org/debian-user/2006/03/msg00271.html

This will get rid of the messages on the console. If you are worried
about your growing syslog, you have to adjust the logging behavior of
firestarter. Unfortunately I never used it, therefore I cannot be more
specific on this point. More generally speaking, though, it should be
enough if you have the packages "logrotate" and "cron" installed to keep
all your logs from growing out of bounds. (If you shut down your
computer overnight then you will need the package "anacron" in addition
to the other two.) For more info on this see:

http://lists.debian.org/debian-user/2006/02/msg02670.html

Regards,
            Florian
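
The console half of the reply above, as an added example that is not part of the original message: the first field of `kernel.printk` is the console log level, and a kernel message is echoed to the console only when its numeric priority is strictly lower than that field. The `FW_LEVEL` variable and the default of `warning` (the iptables LOG target's default priority) are assumptions; the thread does not say which priority firestarter logs at.

```shell
#!/bin/sh
# Added example: which kernel message priorities reach the console for a
# given kernel.printk value, and what to set to keep firewall lines off it.

# Syslog priority names; position in the list = numeric level (0 = most severe).
LEVELS="emerg alert crit err warning notice info debug"

# level_number NAME -> prints 0..7; returns 1 for an unknown name
level_number() {
    n=0
    for name in $LEVELS; do
        [ "$name" = "$1" ] && { echo "$n"; return 0; }
        n=$((n + 1))
    done
    return 1
}

# console_echoes "PRINTK_VALUE" NAME -> 0 if a message at priority NAME would
# be printed on the console, 1 if not, 2 on bad input.
console_echoes() {
    console_loglevel=${1%%[!0-9]*}      # first field of kernel.printk
    [ -n "$console_loglevel" ] || return 2
    msg=$(level_number "$2") || return 2
    [ "$msg" -lt "$console_loglevel" ]
}

# visible_levels "PRINTK_VALUE" -> space-separated priorities shown on console
visible_levels() {
    out=""
    for name in $LEVELS; do
        if console_echoes "$1" "$name"; then out="$out $name"; fi
    done
    echo "${out# }"
}

# Assumption: priority of the firewall's log lines (hypothetical variable).
FW_LEVEL=${FW_LEVEL:-warning}
# Live value when readable, otherwise a constructed sample value.
current=$(cat /proc/sys/kernel/printk 2>/dev/null || echo "7 4 1 7")
echo "kernel.printk     : $current"
echo "shown on console  : $(visible_levels "$current")"
if console_echoes "$current" "$FW_LEVEL"; then
    echo "$FW_LEVEL messages reach the console; to stop that (as root):"
    echo "  sysctl -w kernel.printk=\"$(level_number "$FW_LEVEL") 4 1 7\""
fi
```

This changes only what is echoed to the console; the same lines are still written to syslog, which is the second aspect the reply covers.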


