How to Prevent UFW from Spamming syslog
UFW is about the only approximately sane way to handle the
iptables firewall on a Linux system. Unfortunately, its default behavior is to spam the syslog relentlessly despite having a separate log file at
/var/log/ufw.log. This buries useful information in syslog under an avalanche of UFW status messages. It needs to stop. Here’s how.
In /etc/rsyslog.d/20-ufw.conf, uncomment the last line, so the file looks like this:
    # Log kernel generated UFW log messages to file
    :msg,contains,"[UFW " /var/log/ufw.log

    # Uncomment the following to stop logging anything that matches the last rule.
    # Doing this will stop logging kernel generated UFW log messages to the file
    # normally containing kern.* messages (eg, /var/log/kern.log)
    & stop
Restart rsyslog. Done. This really should be the default setting.
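The same steps as a repeatable script, for hosts where you would rather not hand-edit the file. This is an added example, not part of the original article: the function names are hypothetical, and it assumes a systemd host and the stock rsyslog setup that only includes *.conf files from /etc/rsyslog.d.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
CONF=/etc/rsyslog.d/20-ufw.conf   # path from the article

# Succeeds only if an active "& stop" follows the UFW rule with nothing but
# blank lines or comments in between ("&" binds to the preceding rule, so an
# intervening rule would make "& stop" discard the wrong messages).
ufw_stop_enabled() {
    awk '
        /^:msg,contains,"\[UFW "/ { seen = 1; next }
        seen && /^[ \t]*&[ \t]*stop[ \t]*$/ { found = 1 }
        seen && /^[ \t]*[^# \t]/ { seen = 0 }
        END { exit !found }
    ' "$1"
}

# Uncomment "#& stop" in place, keeping a backup. Safe to run repeatedly.
ufw_stop_enable() {
    ufw_stop_enabled "$1" && return 0
    # Assumption: ".bak" does not match the *.conf include glob, so rsyslog
    # will not load the backup copy.
    cp -p "$1" "$1.bak" || return 1
    sed 's/^[[:space:]]*#[[:space:]]*\(&[[:space:]]*stop\)[[:space:]]*$/\1/' \
        "$1.bak" > "$1" || return 1
    ufw_stop_enabled "$1"
}

# Usage (as root): sh script.sh apply [conf-path]
if [ "${1:-}" = "apply" ]; then
    ufw_stop_enable "${2:-$CONF}" || { echo "could not enable '& stop'" >&2; exit 1; }
    rsyslogd -N1 || exit 1            # validate the config before restarting
    systemctl restart rsyslog         # assumes a systemd host
fi
```

UFW messages keep going to /var/log/ufw.log after this change; only the duplicate copies in the general logs are dropped.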