Remove UFW Block from kern.log and sys.log

logging syslog ufw

UFW configuration option only toggles logging on/off (and alternatively specifies custom logging level):

logging on|off|LEVEL

toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog support may also log to /var/log/ufw.log. Specifying a LEVEL turns logging on for the specified LEVEL. The default log level is low.

If you are using standard Ubuntu installation, you have rsyslogd extension, which can be (and by default is) configured to generate these separated log files.

In Ubuntu 16.04, UFW logging configuration should be in /etc/rsyslog.d/20-ufw.conf:

# Log kernel generated UFW log messages to file
:msg,contains,"[UFW " /var/log/ufw.log

# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
#& ~

As the comment describes, you should just uncomment the last line. If there isn't one, just add & ~.

Contrariwise, commenting out the other configuration line causes logging only to syslog / kern.log.

2: Using a firewall to block attacks, as you already do, is the correct way to handle the situation.

Related

Cannot change Windows Service properties: Error 87: The parameter is incorrect
how to increase the size for /dev/mapper/centos-root?
List of top-level domains (TLDs) that require HTTPS connections, like .dev
Good & free Exchange spam filter [closed]
Tuning NFS for minimum latency
Real time monitoring of MS Windows servers and their services
What happens to children when deleting a snapshot in vmware?
When would you use MPLS?
Problems with SCP stalling during file copy over VPN
Has anyone found a (eg bash) shell terminal for Windows as good as the OS X one?
Hyper-V Processor Limitations
Expect timeout, in Bash scripting