Hi,
LogDenied=all (or anything but off) in firewalld.conf;
Is there a way to specify a custom log file? Now firewalld is flooding dmesg.
-Paavo

On Sat, Dec 16, 2017 at 10:04:08AM +0200, Paavo Leinonen wrote:
> Hi,
> LogDenied=all (or anything but off) in firewalld.conf;
> Is there a way to specify a custom log file? Now firewalld is flooding dmesg.

Not for LogDenied. It's actually iptables (the kernel) doing the logging. Currently firewalld can't control where the logs go. For that we'd have to move to using NFLOG. I think this has been requested by others; perhaps there is already a GitHub issue open.
IMO, logging across the board needs to be improved.

On Tue, 19 Dec 2017, Eric Garver wrote:
> Not for LogDenied. It's actually iptables (the kernel) doing the logging. Currently firewalld can't control where the logs go. For that we'd have to move to using NFLOG. I think this has been requested by others; perhaps there is already a GitHub issue open.
> IMO, logging across the board needs to be improved.

Problem:
The default kernel logging level has too much detail when iptables kicks in.
Solution:
Dial to the level needed to hit the log files, but NOT /dev/console:
How:
1. in /etc/sysconfig/grub, edit to add
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 "
2. and rebuild the files:
grub2-mkconfig -o /etc/grub2.cfg
3. then reboot
4. examine that the added matter is present:
grubby --info=` grubby --default-kernel `
4a. so:
[root@router sysconfig]# grubby --info=` grubby --default-kernel ` | grep log
args="ro rd.lvm.lv=centos_108-246-63-252/swap rd.lvm.lv=centos_108-246-63-252/root vconsole.font=latarcyrheb-sun16 crashkernel=auto
vconsole.keymap=us video=640x480 loglevel=3 console=tty1
.................................^^^^^^^^^^
noplymouth LANG=en_US.UTF-8"
-------------
I have highlighted this addition. I make some other changes as well, which are out of scope here.
-- Russ herrold
firewalld-users@lists.fedorahosted.org
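
The check in step 4 of the last message can be scripted. The following is an added example, not part of the thread and not firewalld code: it compares the boot-time `loglevel=` argument with the running console level (the first field of /proc/sys/kernel/printk) and reports whether firewall log lines would still be printed on the console. The function names and the sample printk values are constructed, and it assumes the LogDenied rules log at the iptables LOG default severity of warning (4).

```shell
#!/bin/sh
# Added example: would iptables LOG lines reach the console?
# The kernel prints a message on the console only when its severity is
# numerically lower than console_loglevel. This setting does not filter the
# kernel ring buffer (dmesg) or syslog; it only affects the console.

# Assumption: LogDenied rules use the iptables LOG default severity, warning.
FW_LOG_SEVERITY=4

# Print the value of the last loglevel= argument in a kernel command line.
last_loglevel() {
    lvl=""
    for arg in $1; do
        case "$arg" in loglevel=*) lvl=${arg#loglevel=} ;; esac
    done
    printf '%s' "$lvl"
}

# Print console_loglevel, the first field of /proc/sys/kernel/printk.
console_loglevel() {
    set -- $1
    printf '%s' "$1"
}

# $1 = kernel args, $2 = printk contents. Prints "console" or "suppressed",
# with a note when the running level differs from the boot argument.
fw_console_verdict() {
    boot=$(last_loglevel "$1")
    live=$(console_loglevel "$2")
    note=""
    if [ -n "$boot" ] && [ "$boot" != "$live" ]; then
        note=" (boot arg loglevel=$boot was changed at runtime)"
    fi
    if [ "$FW_LOG_SEVERITY" -lt "$live" ]; then
        printf 'console%s' "$note"
    else
        printf 'suppressed%s' "$note"
    fi
}

# Kernel args abbreviated from the thread; printk values are constructed.
SAMPLE_ARGS='ro vconsole.keymap=us video=640x480 loglevel=3 console=tty1 noplymouth'
SAMPLE_PRINTK='3 4 1 7'
echo "with loglevel=3: $(fw_console_verdict "$SAMPLE_ARGS" "$SAMPLE_PRINTK")"
echo "with level 7:    $(fw_console_verdict 'ro' '7 4 1 7')"
```

On a live system, pass `"$(cat /proc/cmdline)"` and `"$(cat /proc/sys/kernel/printk)"` in place of the sample values.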