Alternative to ulogd2, I'd suggest: Add a 'prefix' to your logging rule(s) and you can build a syslog config off that. Specify a 'level' in your logging rule(s). Change the kernel.printk parameter in sysctl to not display the log levels that nft logs to in your console. Jordan ________________________________________ From: Marco Moock <mm@xxxxxxxxxx> Sent: Wednesday, November 20, 2024 3:06 PM To: netfilter@xxxxxxxxxxxxxxx <netfilter@xxxxxxxxxxxxxxx> Subject: logging to a different place than kernel ring buffer Hello! I want to log denied traffic, but to syslog or a file rather than the kernel ring buffer because that messes up the virtual consoles. What is a good way to achieve that? -- Gruß Marco Send unsolicited bulk mail to 1732133134muell@xxxxxxxxxxxxxxxxxxxxxx