From bcdbb13a6647585abfb9be7e7445a3724d4fe954 Mon Sep 17 00:00:00 2001
From: Gleb Smirnoff <glebius@FreeBSD.org>
Date: Tue, 22 Feb 2005 08:03:09 +0000
Subject: [PATCH] Do not print kernel debugging on console. In case of serial
 console this can cause a really heavy load on system. Several kernel
 debugging messages can be triggered even remotely (e.g. bad ARP replies).

Use kern.warning instead, so that really significant messages still
will be printed on console.

Reviewed by:	current@
MFC after:	1 week
Security:	this change fixes a DoS condition, when default system
		console is serial, and box is flooded with bogus ARP
		packets
---
 etc/syslog.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/syslog.conf b/etc/syslog.conf
index db88242c02ee..507bd0fdeb9b 100644
--- a/etc/syslog.conf
+++ b/etc/syslog.conf
@@ -6,7 +6,7 @@
 #	may want to use only tabs as field separators here.
 #	Consult the syslog.conf(5) manpage.
 *.err;kern.debug;auth.notice;mail.crit		/dev/console
-*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
+*.notice;authpriv.none;kern.warning;lpr.info;mail.crit;news.err	/var/log/messages
 security.*					/var/log/security
 auth.info;authpriv.info				/var/log/auth.log
 mail.info					/var/log/maillog