On 20/07/06 07:30, Michael Nelson wrote:
Since I started running SuSEfirewall2, it constantly logs to the dmesg buffer, making dmesg pretty much useless for anything other than looking at iptables logs. I can look at that in syslog. I'd like my dmesg buffer back. Is there a way to configure SuSEfirewall2 to not send stuff into the dmesg buffer but instead only log to /var/log/messages?
I looked in /etc/sysconfig/SuSEfirewall but didn't see in there how to accomplish this. AFAIK, dmesg is only an agent to read the kernel ring buffer, which is where everything from the kernel goes if it is to be logged anywhere. That includes everything logged by iptables. Stuff that goes into the buffer is then read by the syslog agent and written to the appropriate file(s). In SuSE, the default syslog is syslog-ng, which is highly configurable -- for example, with couple of filter definitions, everything that is logged by iptables can be sent to a separate firewall log file.
The SuSEfirewall is written so that everything that gets logged has a prefix beginning SFW2. You can use this to read the kernel buffer directly, but avoid having to read all the firewall entries: dmesg |grep -v SFW2. Otherwise, your only recourse would seem to be to turn off all firewall logging, which is something you probably do not wish to do. -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com