irulan.net

How to Prevent UFW from Spamming syslog

UFW is about the only approximately sane way to handle the iptables firewall on a Linux system. Unfortunately, its default behavior is to spam the syslog relentlessly despite having a separate log file at /var/log/ufw.log. This buries useful information in syslog under an avalanche of UFW status messages. It needs to stop. Here’s how.

In /etc/rsyslog.d/20-ufw.conf, uncomment the last line, so the file looks like this:

# Log kernel generated UFW log messages to file
:msg,contains,"[UFW " /var/log/ufw.log

# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& stop

Restart rsyslog. Done. This really should be the default setting.
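
The same change as a script, for hosts where it has to be applied repeatedly. This is an added example, not part of the original post: the function names are hypothetical, and it assumes the stock file carries the line commented out as `#& stop` and that the host uses systemd.

```sh
#!/bin/sh
# Added example, not from the original post.
CONF=/etc/rsyslog.d/20-ufw.conf   # path given in the article

# True when an active (uncommented) "& stop" line is present in file $1.
ufw_stop_active() {
    grep -Eq '^[[:space:]]*&[[:space:]]*stop[[:space:]]*$' "$1"
}

# Uncomment "#& stop" in file $1; the commented spelling is an assumption
# about the stock file. Returns 0 if the discard is active afterwards.
enable_ufw_stop() {
    conf=$1
    ufw_stop_active "$conf" && return 0      # already applied: change nothing
    # "& stop" acts on the preceding rule, so require the UFW selector to exist.
    grep -Fq ':msg,contains,"[UFW "' "$conf" || return 1
    tmp=$(mktemp) || return 1
    sed -E 's/^[[:space:]]*#[[:space:]]*(&[[:space:]]*stop)[[:space:]]*$/\1/' \
        "$conf" > "$tmp"
    if ufw_stop_active "$tmp"; then
        # Back up, then write in place so owner and mode are preserved.
        cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
        rc=$?
    else
        rc=1                                  # no commented "& stop" to enable
    fi
    rm -f "$tmp"
    return "$rc"
}

# Only touch the live system when asked to: sh ufw-stop.sh --apply (as root)
if [ "${1:-}" = "--apply" ]; then
    enable_ufw_stop "$CONF" || { echo "no '& stop' line in $CONF" >&2; exit 1; }
    rsyslogd -N1 || exit 1        # syntax-check the config before restarting
    systemctl restart rsyslog     # assumes a systemd host
fi
```

Without `--apply` the script only defines the functions, so it can be sourced and pointed at a copy of the file first.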