UFW Logs – How to Disable UFW Logging for Specific Event

firewalllogsroutersyslogufw

My router sends out multicast packets in regular intervals that are blocked by UFW's standard policies. These events are harmless but spam my syslogs and ufwlogs. I can't change the router's behaviour as that would require installing a modified firmware and thus void the warranty.

So my question is: Is there any way I can prevent UFW from logging this particular event without changing the blocking policies? And, as a possible follow-up: If I can't define a custom logging policy, would allowing this incoming traffic pose a possible security risk?

Best Answer

Base on this answer from ServerFault,

ufw supports per rule logging. By default, no logging is performed when a packet matches a rule.

All you have to do is create a UFW deny rule to match those multicast packets.

Related Solutions

Syslog Logging – How to Disable Logging to Syslog

syslog is system wide, so you can't disable syslog on a per session basis.

However, you can

copy /etc/rsyslog.conf to /tmp/rsyslog.conf
edit /tmp/rsyslog.conf to remove unwanted logging
kill rsyslogd (/etc/init.d/rsyslogd stop)
run rsyslogd -d -f /tmp/rsyslog.conf for the time of your "session"

at the end of the session

kill rsyslogd (find process with ps)
run rsyslog (/etc/init.d/rsyslogd start)

Linux – Disable syslog logging for auditd

Edit /etc/audisp/plugins.d and change args = LOG_INFOto this: args = local6

Then edit /etc/rsyslog.conf and add local6 to the "some catch-all log files" block so it's like this:

*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none;\
        local6.none           -/var/log/messages

Also change the line args = in /etc/audisp/plugins.d to: args = LOG_LOCAL6

This was adapted from this post.

Best Answer

Related Solutions

Syslog Logging – How to Disable Logging to Syslog

Linux – Disable syslog logging for auditd

Related Question