How to disable pppoe-wan messages in kernel log

My kernel log is useless as it is always full of `[77017.830426] turris-00000000: IN=pppoe-wan OUT= MAC= SRC=96.245.132.110 DST=x.x.x.x LEN=134 TOS=0x00 PREC=0x00 TTL=112 ID=22227 PROTO=UDP SPT=64193 DPT=51413 LEN=114` messages.
How can I reduce or switch this off?
Thanks

Obviously you have Turris data collection enabled - it works by logging all blocked packets on the WAN interface using iptables, which means that the kernel’s ring buffer (dmesg) will always contain such records. One possible solution is to configure syslog-ng filters so that all kernel messages except these will be logged to a separate file.

Also, destination port 51413 is the port usually used by Torrent clients, which could mean that you are unintentionally blocking your incoming Torrent traffic. A solution for that problem can be found here: https://www.turris.cz/forum/topic_show.pl?pid=3695#pid3695 (it’s in Czech, but the code snippet is self-explanatory)


I am also getting a bunch of very similar messages in my kernel.log. I don’t mind keeping it as it is, I was just wondering if I have something wrong (yep, data collection and honeypot are enabled). It would be nice to at least redirect those to another file (or suppress them totally).

Can you direct us to where filtering can be set up? /etc/config/ulogd or /etc/ulog.d/ulogd-turris.conf or /etc/syslog-ng.conf?

I tried to look around myself, and on my favorite Archlinux wiki there is some info for syslog-ng: https://wiki.archlinux.org/index.php/syslog-ng#Macros_and_Variables and it seems it is possible to filter such messages out. But I am not confident enough to actually mess with syslog-ng/ulogd.

Is there someone educated who could push me in the right direction a bit?

Did you find a solution?

Not fully and not the way I like it, but it reduced “dmesg” messages a lot.

Now I am not sure if nikola will be fine with that or not. I tried some other “match/not-match” combos, but they did not work at all or only partially. The main config has a filter to redirect/filter out the iptables/nikola stuff to its own file. The included config for nikola later filters that flow with the reverse filter. My iptables.log file was always zero-size; even when I specified my own location for system.log (with my own name, via uci config based on the OpenWrt wiki documentation), it was the same story (or rather no file at all). With the stuff below, dmesg has fewer iptables messages (actually kind of the expected ones); all transmission-related stuff is now in iptables.log.

```
## in file: /etc/syslog-ng.conf
filter f_turris_iptables {
#    not match(".*turris[^:]*: .*" value(MESSAGE) type("posix"));
    not match("IN=.*[A-Za-z0-9]* OUT=.*" value("MESSAGE") type("posix"));
};

## in file: /etc/syslog-ng.d/nikola.conf
filter f_iptables {
#    match(".*turris[^:]*: .*" value(MESSAGE));
    match("IN=.*[A-Za-z0-9]* OUT=.*" value("MESSAGE"));
};
```

EDIT: _After checking, :xdigit: instead of :alphanum: might be better. Also, the original expression seems to be perfectly fine (and tidy, not like mine)._
… I think I might have wrongly changed something else in “etc” 🙂
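
Added example, not part of any post in this thread: a quick offline check of which kernel lines each of the two filter expressions above would divert, useful before editing the syslog-ng filters on the router. The sample lines are constructed, `custom-drop` is a hypothetical LOG prefix from some other firewall rule, and `grep -E` is assumed to behave like syslog-ng's POSIX regex matching for these patterns.

```shell
#!/bin/sh
# Compare the two filter expressions from the thread on constructed input.
# Assumption: grep -E stands in for syslog-ng's POSIX regex matching.

PAT_PREFIX='.*turris[^:]*: .*'         # original (commented-out) expression
PAT_BROAD='IN=.*[A-Za-z0-9]* OUT=.*'   # replacement expression

# Constructed sample kernel messages; addresses are documentation ranges,
# "custom-drop" is a hypothetical prefix of an unrelated firewall LOG rule.
sample_lines() {
cat <<'EOF'
[77017.830426] turris-00000000: IN=pppoe-wan OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=134 TOS=0x00 PREC=0x00 TTL=112 ID=22227 PROTO=UDP SPT=64193 DPT=51413 LEN=114
[77018.100200] turris-00000000: IN=pppoe-wan OUT= MAC= SRC=198.51.100.9 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 SYN
[77019.000001] custom-drop: IN=br-lan OUT=pppoe-wan SRC=192.168.1.20 DST=192.0.2.44 LEN=52 TTL=63 PROTO=TCP SPT=51000 DPT=25
[77020.500000] pppoe-wan: renamed from ppp0
[77021.250000] usb 1-1: new high-speed USB device number 2 using xhci-hcd
EOF
}

# Number of sample lines a pattern matches (grep exits 1 on zero matches).
count_matches() {
    sample_lines | grep -E -c -- "$1" || true
}

# Lines that stay in the main log under "not match(<pattern>)".
kept_in_main_log() {
    sample_lines | grep -E -v -- "$1" || true
}

# Lines diverted only by the broad pattern: firewall logging that does not
# come from the turris-prefixed data collection rule.
only_broad() {
    sample_lines | grep -E -- "$PAT_BROAD" | grep -E -v -- "$PAT_PREFIX" || true
}

echo "prefix pattern matches: $(count_matches "$PAT_PREFIX")"
echo "broad pattern matches:  $(count_matches "$PAT_BROAD")"
echo "diverted only by the broad pattern:"
only_broad
```

The broad expression also pulls every other iptables LOG line out of the main log, so drops logged by unrelated firewall rules end up in iptables.log as well.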