[opensuse] dmesg without firewall messages

Hello,

I'm pretty sure this was already discussed, but I'm unable to have an answer for the systemd era.

I would like to have the firewall messages sorted out of the usual logs (there are so many)

that is, either have them excluded from dmesg (for example logged separately), or simply not show in journalctl - and then the command to have only them with journalctl

thanks
jdd

jdd wrote:
> Hello,
> I'm pretty sure this was already discussed, but I'm unable to have an answer for the systemd era.
> I would like to have the firewall messages sorted out of the usual logs (there are so many)
> that is, either have them excluded from dmesg (for example logged separately), or simply not show in journalctl - and then the command to have only them with journalctl

To my knowledge, the only way to do this is to use the iptables ULOG module, i.e. with a user space logging daemon. I haven't got a working setup for this, instead I suppress most of what is being logged (because it is irrelevant).

--
Per Jessen, Zürich (12.7°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.

On 02/04/2017 at 11:17, Per Jessen wrote:
> I haven't got a working setup for this, instead I suppress most of what is being logged (because it is irrelevant).

I was hoping some "exclude" option in journalctl. It's for a server, I'm reluctant to remove completely firewall logs

thanks
jdd

jdd wrote:
> On 02/04/2017 at 11:17, Per Jessen wrote:
>> I haven't got a working setup for this, instead I suppress most of what is being logged (because it is irrelevant).
> I was hoping some "exclude" option in journalctl. It's for a server, I'm reluctant to remove completely firewall logs

TMK, journalctl does not implement any filtering options. I think Carlos was also looking for those at some point. Anyway, dmesg is the kernel message buffer, not the journal.

--
Per Jessen, Zürich (14.1°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.

On 2017-04-02 at 12:55 +0200, Per Jessen wrote:
> jdd wrote:
>> On 02/04/2017 at 11:17, Per Jessen wrote:
>>> I haven't got a working setup for this, instead I suppress most of what is being logged (because it is irrelevant).
>> I was hoping some "exclude" option in journalctl. It's for a server, I'm reluctant to remove completely firewall logs
> TMK, journalctl does not implement any filtering options. I think Carlos was also looking for those at some point. Anyway, dmesg is the kernel message buffer, not the journal.

That is so. You can not adjust what the kernel keeps, only the size of the storage. So I find it best to tell it to keep little, and then use rsyslog to keep traditional long term text log with proper filtering and rotation.

Otherwise, convert to text the journal log, and use grep to remove firewall entries from the output.

--
Cheers
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))

On 03/04/2017 at 02:08, Carlos E. R. wrote:
> Otherwise, convert to text the journal log, and use grep to remove firewall entries from the output.

why not? what grep parameter?

thanks
jdd

On 2017-04-03 08:06, jdd wrote:
> On 03/04/2017 at 02:08, Carlos E. R. wrote:
>> Otherwise, convert to text the journal log, and use grep to remove firewall entries from the output.
> why not? what grep parameter?

journalctl | grep -v -E "IN=|OUT="

--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))
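Added example, not part of any post in this thread: a shell sketch of the grep approach suggested above, covering both halves of the original question (journal text without firewall entries, and firewall entries only). It assumes the firewall logs through the netfilter LOG target, whose lines carry the adjacent fields "IN=<iface> OUT=<iface> "; the function names, the FW-*-DROP log prefixes and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Netfilter LOG lines contain "IN=<iface> OUT=<iface> " as adjacent fields.
# Anchoring on that pair avoids hiding unrelated lines that merely contain
# "IN=" or "OUT=" somewhere (for example "LOGIN=" or "TIMEOUT=").
FW_RE=' IN=[^ ]* OUT=[^ ]* '

# Pattern quoted in the thread, kept for comparison.
fw_strip_loose() { grep -v -E 'IN=|OUT='; }

# Everything except firewall entries.
fw_strip() { grep -v -E "$FW_RE"; }

# Only firewall entries.
fw_only() { grep -E "$FW_RE"; }

# Constructed sample lines in journalctl's default short text format.
sample_log() {
cat <<'EOF'
Apr 03 08:00:01 srv kernel: FW-IN-DROP IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=23
Apr 03 08:00:02 srv sshd[1201]: Accepted publickey for admin from 192.0.2.44 port 50022 ssh2
Apr 03 08:00:03 srv backup[1310]: job finished TIMEOUT=30 STATUS=ok
Apr 03 08:00:04 srv kernel: FW-OUT-DROP IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=76 PROTO=UDP SPT=123 DPT=123
Apr 03 08:00:05 srv kernel: EXT4-fs (sda2): mounted filesystem with ordered data mode
EOF
}

# Line count without the padding some wc implementations add.
count() { wc -l | tr -d ' '; }

# Run as "sh thisfile demo" to see the split on the sample data.
if [ "${1:-}" = "demo" ]; then
    echo "firewall entries:";        sample_log | fw_only
    echo "everything else:";         sample_log | fw_strip
    echo "hidden by loose pattern:"; sample_log | fw_strip | grep -E 'IN=|OUT='
fi
```

On a live system the same functions read from the journal instead of the sample, e.g. `journalctl -k | fw_only` for the kernel messages or `journalctl | fw_strip` for the rest.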
participants (3)
- Carlos E. R.
- jdd
- Per Jessen