Jeff Elkins wrote:
> I'm trying to rid myself of annoying iptables messages that are clogging up
> the console and dmesg.

The Linux kernel default console logging is 8 so that all messages are logged to the console. At least one other distro sets this to 3 in /etc/syscontrol/init and so users there never see console messages.

A firewall on the Internet today is always flooded with probes. People are always pulling on the door and trying to lift the windows. The logging to the console causes messages to be printed on the console so often that it is virtually useless.

This is arguably a system policy decision. Debian does not make this policy anywhere else that I can find and the system uses the Linux kernel default. Using the kernel default is arguably a safe choice for the system but possibly unpleasant for the user of the kernel. This is not normally an issue but when running an active firewall it does tend to flood the console with information.

I am using shorewall, a very nice firewall package. I highly recommend it. Therefore I always set the following in the '/etc/shorewall/init' shorewall init file to set the console logging level to something a little more quiet. This avoids logging packet messages to the console. They are still logged normally to syslog. I prefer KERN_NOTICE level 5. Setting it to 3 would pretty much turn off console messages.

    dmesg -n5

You can find the kernel logging levels in the linux/kernel.h file.

    #define KERN_EMERG      "<0>"   /* system is unusable                   */
    #define KERN_ALERT      "<1>"   /* action must be taken immediately     */
    #define KERN_CRIT       "<2>"   /* critical conditions                  */
    #define KERN_ERR        "<3>"   /* error conditions                     */
    #define KERN_WARNING    "<4>"   /* warning conditions                   */
    #define KERN_NOTICE     "<5>"   /* normal but significant condition     */
    #define KERN_INFO       "<6>"   /* informational                        */
    #define KERN_DEBUG      "<7>"   /* debug-level messages                 */

Bob
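
An added example, not part of the message above: the kernel prints a message on the console only when its "<N>" level is numerically lower than the console log level, so this sketch shows which messages still reach the console at 8, 5 and 3. The sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample messages carrying <N> priority prefixes (not real logs).
SAMPLE='<6>Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22
<6>Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP DPT=445
<4>eth0: link speed changed
<3>ata1: failed command
<0>Kernel panic - not syncing'

# msg_level LINE: print the numeric priority taken from the "<N>" prefix.
msg_level() {
    printf '%s\n' "$1" | sed -n 's/^<\([0-7]\)>.*/\1/p'
}

# reaches_console CONSOLE_LEVEL LINE: succeed if the kernel would print LINE
# on the console, i.e. its level is numerically lower than CONSOLE_LEVEL.
reaches_console() {
    lvl=$(msg_level "$2")
    [ -n "$lvl" ] && [ "$lvl" -lt "$1" ]
}

# console_lines CONSOLE_LEVEL: print the sample lines that would be shown.
console_lines() {
    printf '%s\n' "$SAMPLE" | while IFS= read -r line; do
        if reaches_console "$1" "$line"; then printf '%s\n' "$line"; fi
    done
}

# count_console CONSOLE_LEVEL: number of sample lines that would be shown.
count_console() { console_lines "$1" | wc -l | tr -d ' '; }

# current_console_level: first field of /proc/sys/kernel/printk, if readable.
current_console_level() {
    if [ -r /proc/sys/kernel/printk ]; then
        awk '{print $1}' /proc/sys/kernel/printk
    fi
}

for n in 8 5 3; do
    echo "console level $n: $(count_console "$n") of 5 sample messages shown"
done
echo "running system console level: $(current_console_level)"
```

All five messages would still go to syslog regardless of the console level; only the console output changes.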