sudo cat /etc/rsyslog.conf 查看日志工具配置:
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
可以看出$IncludeConfig /etc/rsyslog.d/*.conf在前面,也就是说/etc/rsyslog.d/20-ufw.conf会先处理
修改/etc/rsyslog.d/20-ufw.conf
# Log kernel generated UFW log messages to file
:msg,contains,"[UFW " /var/log/ufw.log
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& stop
最后一行&stop前面的#号去掉,这样ufw的日志就不会被其它规则再处理(记录)了
发现dmesg的还是会有,只能如下关掉log了
sudo ufw logging off