Hi,

We are trying to track some specific rules using LOG as target.
Everything is working well but the problem is that iptables is flooding the console with LOG messages.
We tried --log level 4 on iptables rules but it didn't work.
We fixed the problem changing KLOGD_OPTIONS value in /etc/sysconfig/syslog to:
KLOG_OPTIONS="-c 4"

Is it the best option or are we missing something?

Thanks in advance

On Wed, 20 Jul 2011, cbulist at gmail.com wrote:

> To: centos at centos.org
> From: "cbulist at gmail.com" <cbulist at gmail.com>
> Subject: [CentOS] Iptables - flooding console
>
> Hi,
>
> We are trying to track some specific rules using LOG as target.
> Everything is working well but the problem is that iptables is flooding
> the console with LOG messages.
> We tried --log level 4 on iptables rules but it didn't work.
> We fixed the problem changing KLOGD_OPTIONS value in
> /etc/sysconfig/syslog to:
> KLOG_OPTIONS="-c 4"
>
> Is it the best option or are we missing something?
>
> Thanks in advance

I had this problem as well. The firewall logs were being sent (tailed/tee'd ?) to the console, which is a pain if you are using mc or any other console application.

To fix it on CentOS 5.5/6 I just added the following to the top of the /etc/syslog.conf file.

Deleted these lines as not in use:

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

Replaced with:

# Log all firewall messages to a file.
kern.=debug /var/log/firewall-log

Obviously you need to make sure the firewall log file exists

-rw-r--r-- keith users 39039 Jul 20 15:24 firewall-log

Kind Regards,

Keith Roberts

-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with TMDA [http://tmda.net]
-----------------------------------------------------------------

--On Wednesday, July 20, 2011 10:44 AM -0500 cbulist at gmail.com wrote:

> We are trying to track some specific rules using LOG as target.
> Everything is working well but the problem is that iptables is flooding
> the console with LOG messages.

In addition to the other suggestions, you could switch to rsyslog, included in CentOS base. It provides much more flexible filtering options. Add a unique string to your iptables log lines and match on it to divert all of its logs to a separate file (or virtual console).

After switching to rsyslog, my /var/log/messages rarely gets a new message, as I've diverted everything to subsystem-specific log files. (Remember to add logrotate entries for them so your disk doesn't fill up.)
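
The prefix-and-divert approach from the last reply, as an added example that is not code posted by anyone in the thread. The `IPT-TRACK: ` prefix, the sample match on TCP port 22, the rotation settings and the `/var/run/syslogd.pid` path are assumptions; the log file name is the one from the earlier reply.

```shell
#!/bin/sh
# Added example, not from the thread. PREFIX, the port-22 match, the rotation
# settings and the pid-file path are assumptions chosen for illustration.
PREFIX='IPT-TRACK: '              # unique marker; --log-prefix takes up to 29 chars
LOGFILE='/var/log/firewall-log'   # file name used in the earlier reply

# Rule text only (nothing is applied): tag the tracked packets with PREFIX.
# --log-level sets the message priority; what reaches the console is still
# decided by the console log level (the klogd -c setting).
iptables_rule() {
    printf '%s\n' "iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix \"$PREFIX\" --log-level 4"
}

# rsyslog legacy filter: write matching lines to LOGFILE, then discard them so
# later rules (messages file, console) never see them. Place it above those
# rules. "& ~" is the older discard action; newer rsyslog spells it "& stop".
rsyslog_conf() {
    printf ':msg, contains, "%s" %s\n& ~\n' "$PREFIX" "$LOGFILE"
}

# logrotate entry; the HUP makes the syslog daemon reopen the rotated file.
logrotate_conf() {
    printf '%s {\n    weekly\n    rotate 4\n    compress\n    missingok\n' "$LOGFILE"
    printf '    postrotate\n        /bin/kill -HUP $(cat /var/run/syslogd.pid) 2>/dev/null || true\n'
    printf '    endscript\n}\n'
}

# Constructed kernel log lines for a dry run of the "contains" match.
sample_lines() {
    cat <<'EOF'
Jul 20 15:24:01 host kernel: IPT-TRACK: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22
Jul 20 15:24:02 host kernel: eth0: link up
Jul 20 15:24:03 host kernel: IPT-TRACK: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=TCP DPT=22
EOF
}

# Prints only the lines the filter would divert to LOGFILE.
diverted() {
    grep -F -- "$PREFIX"
}

iptables_rule
rsyslog_conf
logrotate_conf
sample_lines | diverted
```

Running the script prints the rule, the two config fragments and the two sample lines that carry the prefix; the unrelated `eth0: link up` line is left for the normal kernel log rules.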