SDB:SuSEfirewall2 Overflows the File /var/log/messages
Version: 9.2
Symptom
The file /var/log/messages is flooded with messages like these:
Oct 14 15:04:13 linux kernel: SFW2-IN-ILL-TARGET IN=eth0 OUT= MAC=00:00:1c:b5:a4:09:00:00:1c:b5:a9:24:08:00 SRC=10.25.0.2 DST=10.20.1.53 LEN=56 TOS=0x00 PREC=0x00 TTL=64 ID=63851 DF PROTO=UDP SPT=782 DPT=652 LEN=36
Oct 14 15:04:14 linux kernel: SFW2-IN-ILL-TARGET IN=eth0 OUT= MAC=00:00:1c:b5:a4:09:00:80:c8:c9:a8:9b:08:00 SRC=205.188.7.136 DST=10.25.1.53 LEN=40 TOS=0x14 PREC=0x00 TTL=101 ID=20296 DF PROTO=TCP SPT=5190 DPT=39235 WINDOW=16384 RES=0x00 ACK URGP=0
Cause
These messages are written by the firewall. For safety reasons, SuSEfirewall2 is enabled by default.
Solution
- Quick but unsafe
In a LAN environment with its own firewall, SuSEfirewall2 can be stopped in the YaST module Security and Users -> Firewall. If your computer is directly connected to the Internet or you are not sure, use one of the solutions below.
- Safe
Reduce the firewall's output to the minimum in the last dialog of the YaST module Security and Users -> Firewall. Note that completely disabling the logging function might result in a loss of security-relevant information.
Reducing the logging frequency is a better option. To do this, edit the file /etc/sysconfig/SuSEfirewall2 by changing the variable FW_LOG_LIMIT. The default value is 3/minute. After performing the change, restart the firewall with the command:
rcSuSEfirewall2 restart
- The best
Redirect the firewall's output to a different file such as /var/log/SuSEfirewall2. For this purpose, edit the file /etc/syslog.conf as root user and append the following section:
#
# SuSEfirewall2
#
kern.debug -/var/log/SuSEfirewall2
Then search for the line:
*.*;mail.none;news.none -/var/log/messages
and change it to:
*.*;mail.none;news.none;kern.!debug -/var/log/messages
After saving the changes, execute the command:
rcsyslog restart
The firewall's output is now redirected to the file /var/log/SuSEfirewall2 and the firewall will no longer log to the file /var/log/messages.
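Before lowering FW_LOG_LIMIT or moving the entries to another file, it helps to see which sources and ports actually produce them. The following Python script is an added example, not part of the original article: it parses lines in the format shown under Symptom (the two entries from that section are embedded as sample input) and counts them per prefix, source, protocol and destination port. The function names are chosen for this example.

```python
import re
from collections import Counter

# The two entries shown under "Symptom", embedded as sample input.
SAMPLE = """\
Oct 14 15:04:13 linux kernel: SFW2-IN-ILL-TARGET IN=eth0 OUT= MAC=00:00:1c:b5:a4:09:00:00:1c:b5:a9:24:08:00 SRC=10.25.0.2 DST=10.20.1.53 LEN=56 TOS=0x00 PREC=0x00 TTL=64 ID=63851 DF PROTO=UDP SPT=782 DPT=652 LEN=36
Oct 14 15:04:14 linux kernel: SFW2-IN-ILL-TARGET IN=eth0 OUT= MAC=00:00:1c:b5:a4:09:00:80:c8:c9:a8:9b:08:00 SRC=205.188.7.136 DST=10.25.1.53 LEN=40 TOS=0x14 PREC=0x00 TTL=101 ID=20296 DF PROTO=TCP SPT=5190 DPT=39235 WINDOW=16384 RES=0x00 ACK URGP=0
"""

# Kernel line carrying an SFW2-* log prefix; an optional "[uptime]" stamp
# after "kernel:" is tolerated (assumption: newer kernels may add one).
LINE_RE = re.compile(r"kernel: (?:\[[^\]]*\] )?(?P<prefix>SFW2-\S+) (?P<rest>.*)$")


def parse_line(line):
    """Return a dict for one SFW2 kernel log line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    entry = {"prefix": m.group("prefix"), "flags": []}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if not sep:
            entry["flags"].append(key)   # bare flags such as DF or ACK
        elif key not in entry:
            entry[key] = value           # first LEN is the IP length; keep it
    return entry


def summarize(text):
    """Count entries by (prefix, source, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        e = parse_line(line)
        if e:
            counts[(e["prefix"], e.get("SRC"), e.get("PROTO"), e.get("DPT"))] += 1
    return counts


if __name__ == "__main__":
    for (prefix, src, proto, dpt), n in summarize(SAMPLE).most_common():
        print(f"{n:6d}  {prefix}  {src} -> {proto}/{dpt}")
```

To run it on a real log, pass the contents of /var/log/messages (or /var/log/SuSEfirewall2 after the redirect) to summarize() instead of SAMPLE.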