[SOLVED] syslog ignore rules not working
by denydias from LinuxQuestions.org on (#5D8ZA)
A little help anyone? I have the following rule on my firewall script:
Code:
LOG all -- anywhere anywhere LOG level warning prefix "RULE 7 -- DENY "
And on /etc/syslog.conf, this:
Code:
# Log anything 'warn' or higher.
# Exclude iptables, authpriv, cron, mail, and news. These are logged elsewhere.
*.warn;kern.!=warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/syslog
This used to work fine, so firewall messages (kern.warning) wouldn't be logged to /var/log/syslog. But for a couple of months now I have noticed that these warning messages are back in syslog.
'kern.none' (no kernel messages at all) and kern.!warn (no kernel warns and above) both work as expected, but 'kern.!=warn' (only kernel warn level) doesn't. I'm pretty sure this used to work before, though I can't remember exactly when this anomaly started.
I've already read all 'man syslog.conf', checked all the syslog rules, read on sysklogd issues and I found no way to get rid of those kern.warning messages in '/var/log/syslog'.
Can someone spot what I'm doing wrong or tell me if this is a common issue?
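
As a cross-check on what the selectors in the post should match, this added example (not part of the original post and not sysklogd's code) models the left-to-right selector rules documented in syslog.conf(5) and evaluates the posted line. The function names are hypothetical, and comma-separated facility lists are not handled.

```python
# Model of the selector rules documented in syslog.conf(5) for sysklogd.
# Added illustration, not the daemon's code; function names are hypothetical.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]


def compile_selectors(selector_field):
    """Return {facility: set of priorities logged} for one selector field."""
    mask = {f: set() for f in FACILITIES}
    # Join backslash-continued lines, then walk the selectors in order.
    for sel in selector_field.replace("\\\n", "").split(";"):
        facility, _, prio = sel.strip().partition(".")
        negate = prio.startswith("!")   # "!" inverts the selector
        prio = prio.lstrip("!")
        exact = prio.startswith("=")    # "=" restricts it to one priority
        prio = ALIASES.get(prio.lstrip("="), prio.lstrip("="))
        if prio == "none":
            # facility.none removes every priority of that facility
            chosen, negate = set(PRIORITIES), not negate
        elif prio == "*":
            chosen = set(PRIORITIES)
        elif exact:
            chosen = {prio}
        else:
            # a bare priority means "this priority and anything more severe"
            chosen = set(PRIORITIES[:PRIORITIES.index(prio) + 1])
        for f in (FACILITIES if facility == "*" else [facility]):
            # Later selectors override what earlier ones set for a facility.
            mask[f] = mask[f] - chosen if negate else mask[f] | chosen
    return mask


def is_logged(selector_field, facility, priority):
    """True if facility.priority is selected by the given selector field."""
    priority = ALIASES.get(priority, priority)
    return priority in compile_selectors(selector_field)[facility]


# Selector field from the post; the action (-/var/log/syslog) is left out.
POSTED = "*.warn;kern.!=warn;\\\nauthpriv.none;cron.none;mail.none;news.none"

if __name__ == "__main__":
    for fac, pri in [("kern", "warning"), ("kern", "err"),
                     ("daemon", "warning"), ("mail", "err")]:
        state = "logged" if is_logged(POSTED, fac, pri) else "excluded"
        print(f"{fac}.{pri}: {state}")
```

If a message the model marks as excluded still reaches /var/log/syslog, the cause lies outside this selector field, for example another line in the file or a daemon that parses selectors differently.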

