Dmesg
When the kernel starts the system as you turn on your computer, you may see many messages from it as it detects devices and checks hardware. You may also see kernel messages while the operating system is running.
However, when troubleshooting, it may be difficult to track down these messages later. On Unix and Unix-like operating systems, the dmesg tool prints out these kernel log messages for later reference.
When invoked, it will simply print out all the kernel messages to the standard output. Shell redirection can be used to save this output.
Removing netfilter/iptables messages
If you would like to use dmesg after the system has booted, you may find it full of LOG messages from iptables/netfilter.
dmesg reads the /proc/kmsg kernel ring buffer, as does syslogd. Most firewall programs use LOG rules as their only option, which puts these messages into the ring buffer. Another option for logging exists with the ULOG target.
Intro
Iptables targets LOG & ULOG explained
Changing to ULOG targets in rules will remove messages from /proc/kmsg and make them available on netlink sockets. These can be read with the ulogd daemon.
Several other common packages default to netlink group 1, so netfilter rules should start from group 2 to avoid surprises.
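An added example (not part of the original page): a shell check over iptables-save output that flags LOG rules, which land in the kernel ring buffer and so in dmesg, and ULOG rules on netlink group 1. The ruleset is constructed, the function names are hypothetical, and a ULOG rule with no --ulog-nlgroup option is treated as group 1, the target's default.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for logging rules that either
# fill the kernel ring buffer (LOG) or share netlink group 1 (ULOG).

# Constructed sample ruleset, not taken from a real host.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j LOG --log-prefix "ssh: "
-A INPUT -p tcp --dport 23 -j ULOG --ulog-prefix "telnet: "
-A INPUT -p tcp --dport 25 -j ULOG --ulog-nlgroup 1 --ulog-prefix "smtp: "
-A INPUT -j ULOG --ulog-nlgroup 2 --ulog-prefix "drop: "
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one finding per problem rule.
# Exit status is 1 when any finding was printed, 0 when the ruleset is clean.
audit_log_targets() {
    awk '
    $1 != "-A" { next }                      # skip table, policy, COMMIT lines
    {
        target = ""; group = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-j")            target = $(i + 1)
            if ($i == "--ulog-nlgroup") group = $(i + 1)
        }
        if (target == "LOG") {
            printf "line %d: LOG in chain %s goes to the kernel ring buffer\n", NR, $2
            bad = 1
        } else if (target == "ULOG") {
            # iptables-save omits --ulog-nlgroup when the default group is used
            if (group == "") group = 1
            if (group + 0 == 1) {
                printf "line %d: ULOG in chain %s uses netlink group 1\n", NR, $2
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Demo run on the constructed ruleset; on a live host pipe iptables-save in.
sample_rules | audit_log_targets || echo "ruleset needs changes"
```

Only the last rule in the sample passes: it uses ULOG with an explicit group of 2, matching the nlgroup value in the ulogd configuration.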
ulogd
ulogd uses /etc/ulogd.conf by default. This needs to be altered to read:

    nlgroup 2
    logfile /var/log/ulog/ulogd2.log
    loglevel 5
    rmem 131071
    bufsize 150000
    plugin /usr/lib/ulogd/ulogd_BASE.so
    syslogfile /var/log/ulog/netlink2.log
    syslogsync 1
    plugin /usr/lib/ulogd/ulogd_LOGEMU.so

logrotate
ulogd stops if the logfile exceeds 2048MB, so it needs to be rotated regularly. The ulogd package will include a rotation script, usually placed in /etc/logrotate.d/. However, this script can't be used when several ulogd daemons are listening on netlink sockets: it assumes only one daemon is ever running and signals the running processes badly. Change the file to read:

    /var/log/ulog/*.log {
        missingok
        daily
        rotate 7
        copytruncate
        delaycompress
    }

copytruncate is a fast way to rotate a file in position. delaycompress is used so that you can use standard tools on the uncompressed rotated file.
iptables
Now continue with Iptables ULOG Target
How to...
Clear dmesg
dmesg -c
Provided by
Most (all?) Linux distributions incorporate this from the [util-linux] project.