I got around this problem by installing syslog-ng and modifying /etc/syslog-ng.conf to filter banip and firewall logging, which I enabled so I can still keep tabs on things in real time by watching the kernel log via serial console (alternatively via SSH by using cat /proc/kmsg instead of logread -f).
Here are a few excerpts from my /etc/syslog-ng.conf file:
    filter banip {
        not match("banIP")
    };
    filter firewall_lan_fwd {
        not match("reject lan forward")
    };
    filter firewall_lan2_fwd {
        not match("reject lan2 forward")
    };
    filter firewall_wan_drp {
        not match("drop wan invalid")
    };
    filter firewall_wan_in {
        not match("reject wan in")
    };
    filter firewall_wan_fwd {
        not match("reject wan forward")
    };
    log {
        source(src);
        source(net);
        source(kernel);
        source(s_network);
        filter(banip);
        filter(collectd);
        filter(firewall_lan_fwd);
        filter(firewall_lan2_fwd);
        filter(firewall_wan_drp);
        filter(firewall_wan_in);
        filter(firewall_wan_fwd);
        filter(openvpn_fail);
        filter(openvpn_info);
        destination(messages);
    };
Make sure to also install logrotate and set up a cronjob or else the log will just keep growing infinitely until it exhausts RAM. I do this daily at 1 am:
    0 1 * * * /usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1
To demonstrate, here's what my logs now look like.
Syslog:
Kernel log:
Hope this somewhat helps.
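
Added example, not part of the original post: a small Python check that models a log path like the one above, so you can confirm offline which lines a chain of `not match(...)` filters would drop and that security-relevant lines (such as failed logins) still reach the destination. The sample log lines are constructed, `CONF` is a shortened excerpt in the post's style, and treating `match()` as a case-sensitive regex search over the whole line is an assumption.

```python
import re

# Shortened excerpt in the style of the post's /etc/syslog-ng.conf.
CONF = '''
filter banip {
not match("banIP")
};
filter firewall_wan_in {
not match("reject wan in")
};
log {
filter(banip);
filter(collectd);
filter(firewall_wan_in);
destination(messages);
};
'''

# Constructed sample lines (not from the post).
SAMPLE = [
    "router kernel: reject wan in: IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP DPT=23",
    "router banIP[1234]: constructed banIP status message",
    "router dropbear[2345]: Bad password attempt for 'root' from 203.0.113.7:51000",
    "router collectd[3456]: constructed collectd message",
]

def parse_filters(conf):
    """Map name -> regex for every 'filter NAME { not match("...") };' block."""
    block = re.compile(r'filter\s+(\w+)\s*\{\s*not\s+match\("([^"]*)"\)\s*;?\s*\}')
    return {name: re.compile(rx) for name, rx in block.findall(conf)}

def log_path_filters(conf):
    """Filter names referenced inside the log { ... } path, in order."""
    body = re.search(r'\blog\s*\{(.*?)\}', conf, re.S).group(1)
    return re.findall(r'filter\((\w+)\)', body)

def evaluate(conf, lines):
    """Return (kept, dropped, undefined); dropped pairs each line with the rejecting filter."""
    defined, chain = parse_filters(conf), log_path_filters(conf)
    undefined = [n for n in chain if n not in defined]  # referenced but not defined in conf
    # Assumption: match() is modelled as a case-sensitive regex search on the whole line.
    verdicts = [(l, next((n for n in chain if n in defined and defined[n].search(l)), None)) for l in lines]
    kept = [l for l, n in verdicts if n is None]
    dropped = [(l, n) for l, n in verdicts if n is not None]
    return kept, dropped, undefined

if __name__ == "__main__":
    for label, value in zip(("kept", "dropped", "undefined"), evaluate(CONF, SAMPLE)):
        print(label, value, sep=": ")
```

Filters listed under `undefined` are ones the log path references but the supplied excerpt does not define, so the check cannot say what they drop.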

