On 20/07/06 20:23, Michael Nelson wrote:
On Thu, Jul 20, 2006 at 03:48:09PM -0400, JA wrote:
Not directly, and certainly not from the current version of the GUI you can click on in yast2. The /sbin/SuSEfirewall2 script is hard-coded to use the LOG target, which of course plops the messages into the kernel ring buffer where both dmesg and syslog can see it. The ULOG target was implemented to allow logging to go through userspace instead, but most firewall building tools (including SuSEfirewall2) don't make use of it.
Thanks. RHEL4 and CentOS4 manage to have an iptables setup that works just fine without spewing so much crap into the kernel ring buffer that dmesg becomes useless. This must be another SuSE/Novell "enhancement".
I have always found it is better to err on the side of more information in the logs than less. SuSE seems to agree, at least when it concerns the firewall. Perhaps my previous message got lost in the mail: try "dmesg | grep -v SFW2" -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com