On Tue, 19 Dec 2017, Eric Garver wrote:
> Not for LogDenied. It's actually iptables (the kernel) doing the
> logging. Currently firewalld can't control where the logs go. For that
> we'd have to move to using NFLOG. I think this has been requested by
> others, perhaps there is already a github issue open.
IMO, logging across the board needs to be improved.
Problem:
The default kernel logging level has too much detail when
iptables kicks in
Solution:
Dial to the level needed to hit the log files, but NOT
/dev/console:
How:
1. in /etc/sysconfig/grub, edit to add
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 "
2. and rebuild the files:
grub2-mkconfig -o /etc/grub2.cfg
3. then reboot
4. examine that the added matter is present:
grubby --info=` grubby --default-kernel `
4a. so:
[root@router sysconfig]# grubby --info=` grubby
--default-kernel ` | grep log
args="ro rd.lvm.lv=centos_108-246-63-252/swap
rd.lvm.lv=centos_108-246-63-252/root
vconsole.font=latarcyrheb-sun16 crashkernel=auto
vconsole.keymap=us video=640x480 loglevel=3 console=tty1
.................................^^^^^^^^^^
noplymouth LANG=en_US.UTF-8"
-------------
I have highlighted this addition. I make some other changes
as well, which are out of scope here.
-- Russ Herrold
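As an added example, not part of the thread, a small POSIX shell check of what the `loglevel=3` change actually does: it reads the `loglevel=` option from a kernel command line of the kind `grubby --info` prints (the sample string here is constructed, not the one from the post) or the first field of `/proc/sys/kernel/printk`, and reports whether a message at the iptables `LOG` target's default priority (4, warning) would be written to the console.

```shell
#!/bin/sh
# Added example, not from the thread: does iptables LOG output reach the console?

# Constructed sample, modelled on a grubby --info args line (not the one posted).
SAMPLE_ARGS='ro rd.lvm.lv=vg/root vconsole.keymap=us loglevel=3 console=tty1 noplymouth'
# Constructed sample of /proc/sys/kernel/printk on a box booted without loglevel=.
SAMPLE_PRINTK='7	4	1	7'

# The iptables LOG target logs at --log-level 4 (warning) unless told otherwise.
IPT_LOG_LEVEL=4

# Print the console log level requested by loglevel=N on a command line.
# Without the option the kernel default is 7 (CONFIG_CONSOLE_LOGLEVEL_DEFAULT).
cmdline_loglevel() {
    lvl=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^loglevel=\([0-9]*\)$/\1/p' | tail -n 1)
    printf '%s\n' "${lvl:-7}"
}

# Print the running console log level: first field of /proc/sys/kernel/printk.
printk_console_level() {
    set -- $1
    printf '%s\n' "$1"
}

# A message goes to the console only when its priority number is strictly
# lower than console_loglevel (lower number = more severe). Prints yes or no.
reaches_console() {
    if [ "$1" -lt "$2" ]; then printf 'yes\n'; else printf 'no\n'; fi
}

# Verdict for a command line: will iptables LOG lines hit /dev/console?
ipt_log_on_console() {
    reaches_console "$IPT_LOG_LEVEL" "$(cmdline_loglevel "$1")"
}

# Stand-alone run: the constructed samples, then the live host if readable.
printf 'sample cmdline: iptables LOG on console = %s\n' "$(ipt_log_on_console "$SAMPLE_ARGS")"
printf 'sample printk:  iptables LOG on console = %s\n' \
    "$(reaches_console "$IPT_LOG_LEVEL" "$(printk_console_level "$SAMPLE_PRINTK")")"
if [ -r /proc/sys/kernel/printk ]; then
    printf 'this host:      iptables LOG on console = %s\n' \
        "$(reaches_console "$IPT_LOG_LEVEL" "$(printk_console_level "$(cat /proc/sys/kernel/printk)")")"
fi
```

With `loglevel=3` the warning-level iptables messages are still delivered to syslog/journald; only the console copy is suppressed, which is the effect the steps above aim for.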