SDB:SuSEfirewall2 Overflows the File /var/log/messages

Version: 9.2

Symptom

The file /var/log/messages is flooded with messages like these:

Oct 14 15:04:13 linux kernel: SFW2-IN-ILL-TARGET IN=eth0 OUT= MAC=00:00:1c:b5:a4:09:00:00:1c:b5:a9:24:08:00 SRC=10.25.0.2 DST=10.20.1.53 LEN=56 TOS=0x00 PREC=0x00 TTL=64 ID=63851 DF PROTO=UDP SPT=782 DPT=652 LEN=36
Oct 14 15:04:14 linux kernel: SFW2-IN-ILL-TARGET IN=eth0 OUT= MAC=00:00:1c:b5:a4:09:00:80:c8:c9:a8:9b:08:00 SRC=205.188.7.136 DST=10.25.1.53 LEN=40 TOS=0x14 PREC=0x00 TTL=101 ID=20296 DF PROTO=TCP SPT=5190 DPT=39235 WINDOW=16384 RES=0x00 ACK URGP=0

Cause

These messages are written by the firewall. For safety reasons, SuSEfirewall2 is enabled by default.

Solution

  • Quick but unsafe

In a LAN environment with its own firewall, SuSEfirewall2 can be stopped in the YaST module Security and Users -> Firewall. If your computer is directly connected to the Internet or you are not sure, use one of the solutions below.

  • Safe

Reduce the firewall's output to the minimum in the last dialog of the YaST module Security and Users -> Firewall. Note that completely disabling the logging function might result in a loss of security-relevant information. Reducing the logging frequency is a better option. To do this, edit the file /etc/sysconfig/SuSEfirewall2 by changing the variable FW_LOG_LIMIT. The default value is 3/minute. After performing the change, restart the firewall with the command:

 rcSuSEfirewall2 restart

  • The best

Redirect the firewall's output to a different file such as /var/log/SuSEfirewall2. For this purpose, edit the file /etc/syslog.conf as root user and append the following section:

 #
 # SuSEfirewall2
 #
 kern.debug              -/var/log/SuSEfirewall2
 

Then search for the line:

 *.*;mail.none;news.none                -/var/log/messages
 

and change it to:

 *.*;mail.none;news.none;kern.!debug    -/var/log/messages
 

After saving the changes, execute the command:

 rcsyslog restart

The firewall's output is now redirected to the file /var/log/SuSEfirewall2 and the firewall will no longer log to the file /var/log/messages.
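
Before lowering FW_LOG_LIMIT, or after redirecting the output, it helps to see which sources and ports produce the entries. The following script is an added example and not part of the original article; the function names sample_log and sfw2_summary are hypothetical, and the sample lines are constructed from the format shown in the Symptom section.

```shell
#!/bin/sh
# Added example: count SuSEfirewall2 kernel log entries per source and port.

# Constructed sample input, modelled on the messages in the Symptom section.
sample_log() {
    m='IN=eth0 OUT= MAC=00:00:1c:b5:a4:09:00:00:1c:b5:a9:24:08:00'
    cat <<EOF
Oct 14 15:04:13 linux kernel: SFW2-IN-ILL-TARGET $m SRC=10.25.0.2 DST=10.20.1.53 LEN=56 TTL=64 ID=63851 DF PROTO=UDP SPT=782 DPT=652 LEN=36
Oct 14 15:04:14 linux kernel: SFW2-IN-ILL-TARGET $m SRC=205.188.7.136 DST=10.25.1.53 LEN=40 TTL=101 ID=20296 DF PROTO=TCP SPT=5190 DPT=39235 WINDOW=16384 RES=0x00 ACK URGP=0
Oct 14 15:04:15 linux sshd[2204]: Accepted publickey for admin from 10.25.0.9 port 40022 ssh2
Oct 14 15:04:33 linux kernel: SFW2-IN-ILL-TARGET $m SRC=10.25.0.2 DST=10.20.1.53 LEN=56 TTL=64 ID=63852 DF PROTO=UDP SPT=782 DPT=652 LEN=36
Oct 14 15:04:34 linux kernel: SFW2-IN-ILL-TARGET $m SRC=192.0.2.7 DST=10.25.1.53 LEN=84 TTL=55 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4711 SEQ=1
Oct 14 15:04:53 linux kernel: SFW2-IN-ILL-TARGET $m SRC=10.25.0.2 DST=10.20.1.53 LEN=56 TTL=64 ID=63853 DF PROTO=UDP SPT=782 DPT=652 LEN=36
EOF
}

# sfw2_summary [FILE...]
# Reads syslog lines from the given files (or stdin) and prints
# "count prefix source protocol destination-port", most frequent first.
# Lines that are not SuSEfirewall2 kernel messages are ignored; entries
# without a destination port (such as ICMP) show "-" in that column.
sfw2_summary() {
    awk '
    / kernel: SFW2-/ {
        prefix = src = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SFW2-/)       prefix = $i
            else if ($i ~ /^SRC=/)   src = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        count[prefix " " src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Run on the constructed sample; on a real system pass the log file instead,
# for example: sfw2_summary /var/log/SuSEfirewall2
sample_log | sfw2_summary
```

A source that dominates the summary is a candidate for a closer look at the network before any logging is reduced.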