How to Prevent UFW from Spamming syslog
UFW is about the only approximately sane way to handle the iptables firewall on a Linux system. Unfortunately, by default it spams the syslog relentlessly despite having a separate log file at /var/log/ufw.log. This buries useful information in syslog under an avalanche of UFW status messages. It needs to stop. Here’s how.
In /etc/rsyslog.d/20-ufw.conf, uncomment the last line, so the file looks like this:
# Log kernel generated UFW log messages to file
:msg,contains,"[UFW " /var/log/ufw.log
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& stop
Restart rsyslog. Done. This really should be the default setting.
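The same change as a repeatable script, for applying it across several hosts. This is an added example, not part of the original post: the function names are hypothetical, and it assumes a systemd host where `rsyslogd -N1` (rsyslog's config check) and `systemctl restart rsyslog` are available.

```shell
#!/bin/sh
# Added example: idempotently enable the "& stop" rule in the UFW rsyslog drop-in.

# enable_ufw_stop FILE
# Uncomments a commented-out "& stop" line in FILE.
# Returns 0 if the rule is active afterwards, 1 if FILE is missing
# or contains no "& stop" line at all (we refuse to guess in that case).
enable_ufw_stop() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    # Already active: leave the file untouched.
    if grep -Eq '^[[:space:]]*&[[:space:]]*stop[[:space:]]*$' "$conf"; then
        return 0
    fi
    # Neither active nor commented out: the file is not what we expect.
    if ! grep -Eq '^[[:space:]]*#[[:space:]]*&[[:space:]]*stop[[:space:]]*$' "$conf"; then
        echo "no '& stop' line found in $conf" >&2
        return 1
    fi

    tmp=$(mktemp) || return 1
    # Strip only the comment marker in front of "& stop"; other comments stay.
    if sed -E 's/^[[:space:]]*#[[:space:]]*(&[[:space:]]*stop)[[:space:]]*$/\1/' \
        "$conf" > "$tmp"; then
        cat "$tmp" > "$conf"    # write in place to keep owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# apply_ufw_stop FILE
# Edit the file, validate the whole rsyslog config, then restart the daemon.
apply_ufw_stop() {
    enable_ufw_stop "$1" || return 1
    rsyslogd -N1 || { echo "rsyslog config check failed" >&2; return 1; }
    systemctl restart rsyslog
}

# Only touch the system when explicitly asked to (run as root):
#   sh ufw-quiet.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_ufw_stop /etc/rsyslog.d/20-ufw.conf
fi
```

After this, UFW entries exist only in /var/log/ufw.log, so any log shipping or alerting that read them from syslog or kern.log needs to be pointed at that file.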