Many CSF (firewall) users experience an issue where their server console is flooded with CSF messages regarding dropped connections.
While CSF needs to log these actions to /var/log/messages to ensure the port scan feature works, you may not want to see these messages in the console.
Check Current Kernel Printk Values
First, determine the current kernel printk values by using the following command:
cat /proc/sys/kernel/printk
If the output starts with a number equals to or greater than 5, such as:
7 4 1 7It starts with 7, this indicates that printk is configured to print everything to the console.
These are the default values in most RHEL/Almalinux systems.
Understanding Log Levels
The numbers represent the log level, which determines which messages appear on the console. You can adjust the log level based on your needs:
- 0 – Emergency
- 1 – Alert
- 2 – Critical
- 3 – Error
- 4 – Warning
- 5 – Notice
- 6 – Info
- 7 – Debug
For instance, if you select 3 (Error level), messages at levels 3, 2, 1, and 0 will appear in the console. Selecting 7 means all messages below that level will be printed.
Change Kernel Printk Settings
- To adjust the
printksettings, open the configuration file:
nano /etc/sysctl.conf - Add the following line to the end of the file if it's not already present:
kernel.printk = 4 4 1 7 - Use the following command to apply the changes without rebooting:
sysctl -p - Verify the changes with this command:
cat /proc/sys/kernel/printk
The output should now display:
4 4 1 7
Now your console will no longer print CSF messages along with any other Debug, Info, and Notice messages, and will only show warning messages and the below log levels (Warning, Error, Critical, Alert, and Emergency).
