printk: 1 messages suppressed.

I find a lot of error log on my proxy server:

Jan 22 22:57:37 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:00:04 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:00:09 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:00:13 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:00:20 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:00:25 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:00:29 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:00:34 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:00:45 streams1 kernel: printk: 3 messages suppressed.

It’s normal after I change kernel parameters.

1.ip_conntrack_tcp_timeout

echo 180 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

2. ip_conntrack_max
echo 262144 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max

3.gc_stale_time
echo 120   > /proc/sys/net/ipv4/neigh/default/gc_stale_time

4.gc_thresh1
echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh1

5.gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2

6.gc_thresh3
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

อีกตัวอย่าง

I am trying to troubleshoot messages piling up in my /var/log/messages on CentOS 5 that look like this:

Apr 18 10:04:01 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:06 sc16 kernel: printk: 2 messages suppressed.
Apr 18 10:04:14 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:17 sc16 kernel: printk: 1 messages suppressed.
Apr 18 10:04:25 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:31 sc16 kernel: printk: 1 messages suppressed.
Apr 18 10:04:39 sc16 kernel: printk: 2 messages suppressed.

The messages are supressed so I can't see what they are or what is causing them.

How can I disable printk supression?

I have already tried:
echo 0 > /proc/sys/kernel/printk_ratelimit_burst
echo 0 > /proc/sys/kernel/printk_ratelimit

They don't seem to disable it... Any ideas?

IPTABLES เป็น Firewall พื้นฐานของ Linux

IPTABLES เป็น Firewall พื้นฐานของ Linux เกือบทุก Distro และให้ประสิทธิภาพที่สูงมากในการ Filtering Traffic และ การป้องกันการ Attack ต่างๆ โดยที่จะมีตัวอย่างพอสังเขป ดังนี้

เปิดการใช้งาน IP Forward ป้องกัน Syn Flood และ อนุญาติให้มีการใช้งานแบบ Dynamic IP (ต่อเนต DSL ทั่วไป)
[root@localhost]#echo 1 > /proc/sys/net/ipv4/ip_forward
[root@localhost]#echo 1 > /proc/sys/net/ipv4/tcp_syncookies
[root@localhost]#echo 1 > /proc/sys/net/ipv4/ip_dynaddr

Drop Packet ก่อนหน้านี้ทั้งหมด[root@localhost]#iptables -F INPUT
[root@localhost]#iptables -F FORWARD
[root@localhost]#iptables -F OUTPUT
[root@localhost]#iptables -P INPUT DROP
[root@localhost]#iptables -P FORWARD DROP
[root@localhost]#iptables -P OUTPUT ACCEPT
[root@localhost]#iptables -A INPUT -i lo -j ACCEPT

อนุญาติเฉพาะ SSH, SMTP, DNS, Web Services, SSL และ POP3 ให้ผ่านเข้าออก
[root@localhost]#iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@localhost]#iptables -A INPUT -p tcp --dport 22 --syn -j ACCEPT
[root@localhost]#iptables -A INPUT -p tcp --dport 25 --syn -j ACCEPT
[root@localhost]#iptables -A INPUT -p tcp --dport 53 --syn -j ACCEPT
[root@localhost]#iptables -A INPUT -p udp --dport 53 --syn -j ACCEPT
[root@localhost]#iptables -A INPUT -p tcp --dport 80 --syn -j ACCEPT
[root@localhost]#iptables -A INPUT -p tcp --dport 443 --syn -j ACCEPT
[root@localhost]#iptables -A INPUT -p tcp --dport 110 --syn -j ACCEPT

ป้องกันการ scan ports
[root@localhost]#iptables -N check-flags
[root@localhost]#iptables -F check-flags
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 5/minute -j LOG --log-level alert --log-prefix "NMAP:"
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags ALL ALL -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix "XMAS:"
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags ALL ALL -j DROP
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix "XMAS-PSH:"
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags ALL NONE -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix "NULL_SCAN:"
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags ALL NONE -j DROP
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix "SYN/RST:"
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix "SYN/FIN:"
[root@localhost]#iptables -A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

ป้องกันการ flood SSH (SSH Brute Force)
[root@localhost]#iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
[root@localhost]#iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ห้าม ping[root@localhost]#iptables -A INPUT -p ICMP -i eth0 --icmp-type 8 -j DROP

ห้าม traceroute[root@localhost]#iptables -A INPUT -p ICMP -i eth0 --icmp-type 11 -j DROP

Protect Syn Flood
[root@localhost]#iptables-N syn-flood
[root@localhost]#iptables -A syn-flood -i ppp0 -m limit --limit 75/s --limit-burst 100 -j RETURN
[root@localhost]#iptables -A syn-flood -j LOG --log-prefix "SYN-FLOOD: "
[root@localhost]#iptables -A syn-flood -j DROP

REDIRECT PORT 10080 to 80[root@localhost]#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to 192.168.xxx.xxx:10080
[root@localhost]#iptables -A FORWARD -p tcp -i ppp0 -d 192.168.xxx.xxx --dport 80 -j ACCEPT (192.168.xxx.xxx = ip ของเรา)
[root@localhost]#iptables -A FORWARD -p tcp -i ppp0 -d 192.168.xxx.xxx --sport 80 -j ACCEPT

Transparent Proxy
[root@localhost]#iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT -to-ports 3128