Re: [Shorewall-users] Can't seem to stop console messages
J and T wrote: No other messages are dumped there, just Shorewall. If I log in from another box using SSH, no shorewall messages are seen. But as soon as I go back to the server room, Shorewall messages are scattered on the server's console (login prompt). It's weired don't you think? Not especially, given that you are using such a high priority (level) for Netfilter messages. I imagine that those are the only messages being logged with priority 0-3. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key signature.asc Description: OpenPGP digital signature - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Can't seem to stop console messages
J and T wrote: I think the most confusing part about all this is how many different configuration files make up the logging. The biggest problem is in the naming of their files: /etc/syslog.conf - you would think it would be done here. After all, this is the conf file. /etc/sysconfig/syslog - while it doesn't state conf, it is indeed the configuration file you need to be working on. This exists at least as far back as Red Hat 7.3. The .conf files configure the services themselves. The /etc/sysconfig/ files (/etc/default/ under Debian and derivatives) configure the startup of services by the init system. The .conf files are typically supplied by the individual products. The files in /etc/sysconfig (/etc/default/) are typically supplied by the distribution since there is little standardization between the distros regarding init. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key signature.asc Description: OpenPGP digital signature - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Can't seem to stop console messages
It's what is defined as console at boot-up that got sent all debug message... This one is usually set by the kernel or ulog upon booting - and on the boot-prompt, you tell the kernel where to send the log-messages. By default it goes to console. I'm using it actually quite heavily on my servers - to redirect output to a serial-device... In my grub boot-prompt, here is what I have: title Ubuntu, 2.6.15-28-686 (hd0,0) root(hd0,0) kernel /vmlinuz-2.6.15-28-686 root=/dev/md1 ro resume=/dev/md5\ console=tty0 console=ttyS0,115200n8 initrd /initrd.img-2.6.15-28-686 savedefault boot Here you can see that I have a console=ttyS0 and console=tty0 giving me the possibility upon boot to select the kernel to boot through serial console or console directly. Note that dmesg message will always be sent to the last entry in the line. Try playing with this a little ... Cheers Joerg J and T wrote: Using: shorewall-perl-4.0.1-2 shorewall-4.0.1-2 I have tried everything that I can think of to stop shorewall from puking to the console. I get dozens if not hundreds of these directed to the console: Aug 6 07:34:13 backup kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:30:48:2f:a5:ca:00:06:53:10:18:01:08:00 SRC=124.205.138.109 DST=xx.xx.xxx.46 LEN=404 TOS=0x00 PREC=0x20 TTL=108 ID=21755 PROTO=UDP SPT=1031 DPT=1434 LEN=384 Aug 6 07:47:48 backup kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:30:48:2f:a5:ca:00:06:53:10:18:01:08:00 SRC=193.251.8.253 DST=xx.xx.xxx.46 LEN=60 TOS=0x00 PREC=0x20 TTL=47 ID=416 DF PROTO=TCP SPT=38770 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0 I've implemented everything here (CentOS-5): http://www.shorewall.net/FAQ.htm#faq16 Tip Under RedHat and Mandriva, the max log level that is sent to the console is specified in /etc/sysconfig/init in the LOGLEVEL variable. Set #8220;LOGLEVEL=5#8221; to suppress info (log level 6) messages on the console. /etc/sysconfig/init LOGLEVEL=5 /etc/rc.d/rc.sysinit # Fix console loglevel if [ -n $LOGLEVEL ]; then /bin/dmesg -n $LOGLEVEL fi I've rebooted, made sure all *_LOGLEVEL= in shorewall.conf are empty, LOG_MARTIANS=No and so on, but everything that is logged to kernel.log is echoed to the console. Obviously I must be doing something wrong, but for the life of me I can't figure out what it would be. Thanks for any help, John -- | Joerg Mertin : [EMAIL PROTECTED](Home)| | in Forchheim/Germany : [EMAIL PROTECTED] (Alt1)| | Stardust's LiNUX System : | | Web: http://www.solsys.org | PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Can't seem to stop console messages
J and T wrote: Using: shorewall-perl-4.0.1-2 shorewall-4.0.1-2 I have tried everything that I can think of to stop shorewall from puking to the console. Shorewall is not writing anything to your console. It is klogd that is writing to your console. Shorewall has no control over where particular log messages are written. Shorewall itself only generates a log message during start, restart, stop, etc. I get dozens if not hundreds of these directed to the console: Aug 6 07:34:13 backup kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:30:48:2f:a5:ca:00:06:53:10:18:01:08:00 SRC=124.205.138.109 DST=xx.xx.xxx.46 LEN=404 TOS=0x00 PREC=0x20 TTL=108 ID=21755 PROTO=UDP SPT=1031 DPT=1434 LEN=384 Shorewall FAQ 17 will tell you that this is a message generated by your net-all entry in /etc/shorewall/policy. I've implemented everything here (CentOS-5): http://www.shorewall.net/FAQ.htm#faq16 Tip Under RedHat and Mandriva, the max log level that is sent to the console is specified in /etc/sysconfig/init in the LOGLEVEL variable. Set #8220;LOGLEVEL=5#8221; to suppress info (log level 6) messages on the console. /etc/sysconfig/init LOGLEVEL=5 /etc/rc.d/rc.sysinit # Fix console loglevel if [ -n $LOGLEVEL ]; then /bin/dmesg -n $LOGLEVEL fi I've rebooted, made sure all *_LOGLEVEL= in shorewall.conf are empty, LOG_MARTIANS=No and so on, but everything that is logged to kernel.log is echoed to the console. Again -- This is not a really a Shorewall issue. Furthermore, some of the LOGLEVEL= settings have a non-empty default so if you set them to empty, they will default to some non-empty level. So the only way that you will be able to suppress those messages using Shorewall configuration changes is to set them to 'debug'. Obviously I must be doing something wrong, but for the life of me I can't figure out what it would be. Given that twiddling dmesg on your Distribution didn't suppress log level 6 messages being written to the console, you will need to look at your klogd configuration. You have all of the initialization scripts there on your system so you will need to determine how they work. Then with the help of 'man klogd' you should be able to determine how to change the klogd configuration appropriately. I suspect that the hints in FAQ 16 for the other distributions will be helpful. And when you solve the problem, please report back with the solution so we can update the Hints in the FAQ. Thanks, -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key signature.asc Description: OpenPGP digital signature - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Can't seem to stop console messages
I didn't mean to offend you Tom by saying Shorewall was puking on my console. I realize it is klogd. But I've been using Shorewall for years and now after upgrading only shorewall messages are being sent to the console. No other system messages are being sent to the console so I was confused as to why only Shorewall. I still can't figure it out. I thought that possibly Shorewall was sending this as critical and that's why it was seen on the console. Anyway I'm sorry to have said something that I shouldn't have. I'll try to track down the problem myself. Regards, John J and T wrote: Using: shorewall-perl-4.0.1-2 shorewall-4.0.1-2 I have tried everything that I can think of to stop shorewall from puking to the console. Shorewall is not writing anything to your console. It is klogd that is writing to your console. Shorewall has no control over where particular log messages are written. Shorewall itself only generates a log message during start, restart, stop, etc. I get dozens if not hundreds of these directed to the console: Aug 6 07:34:13 backup kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:30:48:2f:a5:ca:00:06:53:10:18:01:08:00 SRC=124.205.138.109 DST=xx.xx.xxx.46 LEN=404 TOS=0x00 PREC=0x20 TTL=108 ID=21755 PROTO=UDP SPT=1031 DPT=1434 LEN=384 Shorewall FAQ 17 will tell you that this is a message generated by your net-all entry in /etc/shorewall/policy. I've implemented everything here (CentOS-5): http://www.shorewall.net/FAQ.htm#faq16 Tip Under RedHat and Mandriva, the max log level that is sent to the console is specified in /etc/sysconfig/init in the LOGLEVEL variable. Set #8220;LOGLEVEL=5#8221; to suppress info (log level 6) messages on the console. /etc/sysconfig/init LOGLEVEL=5 /etc/rc.d/rc.sysinit # Fix console loglevel if [ -n $LOGLEVEL ]; then /bin/dmesg -n $LOGLEVEL fi I've rebooted, made sure all *_LOGLEVEL= in shorewall.conf are empty, LOG_MARTIANS=No and so on, but everything that is logged to kernel.log is echoed to the console. Again -- This is not a really a Shorewall issue. Furthermore, some of the LOGLEVEL= settings have a non-empty default so if you set them to empty, they will default to some non-empty level. So the only way that you will be able to suppress those messages using Shorewall configuration changes is to set them to 'debug'. Obviously I must be doing something wrong, but for the life of me I can't figure out what it would be. Given that twiddling dmesg on your Distribution didn't suppress log level 6 messages being written to the console, you will need to look at your klogd configuration. You have all of the initialization scripts there on your system so you will need to determine how they work. Then with the help of 'man klogd' you should be able to determine how to change the klogd configuration appropriately. I suspect that the hints in FAQ 16 for the other distributions will be helpful. And when you solve the problem, please report back with the solution so we can update the Hints in the FAQ. Thanks, -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key signature.asc - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users _ Find a local pizza place, movie theater, and moreĀ .then map the best route! http://maps.live.com/default.aspx?v=2ss=yp.bars~yp.pizza~yp.movie%20theatercp=42.358996~-71.056691style=rlvl=13tilt=-90dir=0alt=-1000scene=950607encType=1FORM=MGAC01 - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Can't seem to stop console messages
J and T wrote: I didn't mean to offend you Tom by saying Shorewall was puking on my console. John, No offense was taken. I just wanted it to be clear, both to you and to future readers of this thread, that control of logging is outside of Shorewall. I realize it is klogd. But I've been using Shorewall for years and now after upgrading only shorewall messages are being sent to the console. No other system messages are being sent to the console so I was confused as to why only Shorewall. I still can't figure it out. I thought that possibly Shorewall was sending this as critical and that's why it was seen on the console. You can check on what level Shorewall is setting in LOG messages by: shorewall dump | grep LOG Example: 0 0 LOG0-- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 0 0 LOG0-- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' ... The 'level 6' in these messages means log level 6 which is 'info'. Anyway I'm sorry to have said something that I shouldn't have. I'll try to track down the problem myself. Not at all. I apologize if I gave that impression. In my own defense, I've been up for most of the last 30 hours; I had a house guest become violently ill last night and he ended up in the ICU at the local Hospital. So I'm a little grumpy today. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key signature.asc Description: OpenPGP digital signature - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Can't seem to stop console messages
Thanks for the reply Tom. All mine show log level 3 and I have kern.* sent to /var/log/kernel.log and nothing sent to console, but these are still sent to console which is strange. I'm sure I'll figure it out somewhere down the road. It's all about syslog.conf I know. Something must have changed from previous old RH versions (ie, RH 7.3) because syslog.conf in all machines here are identical. However the other machines don't get hit on the console (except for *.emerg of course). Something's different and I have yet to find what it is. I hope your house guest gets well. Thanks again for your time and wonderful firewall, John J and T wrote: I didn't mean to offend you Tom by saying Shorewall was puking on my console. John, No offense was taken. I just wanted it to be clear, both to you and to future readers of this thread, that control of logging is outside of Shorewall. I realize it is klogd. But I've been using Shorewall for years and now after upgrading only shorewall messages are being sent to the console. No other system messages are being sent to the console so I was confused as to why only Shorewall. I still can't figure it out. I thought that possibly Shorewall was sending this as critical and that's why it was seen on the console. You can check on what level Shorewall is setting in LOG messages by: shorewall dump | grep LOG Example: 0 0 LOG0-- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 0 0 LOG0-- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' ... The 'level 6' in these messages means log level 6 which is 'info'. Anyway I'm sorry to have said something that I shouldn't have. I'll try to track down the problem myself. Not at all. I apologize if I gave that impression. In my own defense, I've been up for most of the last 30 hours; I had a house guest become violently ill last night and he ended up in the ICU at the local Hospital. So I'm a little grumpy today. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key signature.asc - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users _ Booking a flight? Know when to buy with airfare predictions on MSN Travel. http://travel.msn.com/Articles/aboutfarecast.aspxocid=T001MSN25A07001 - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Can't seem to stop console messages
J and T wrote: Thanks for the reply Tom. All mine show log level 3 Wait a minute -- if you have level 3 configured in Shorewall then you must set LOGLEVEL=2 in /etc/sysconfig/init in order to suppress the messages being written to the console. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key signature.asc Description: OpenPGP digital signature - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Can't seem to stop console messages
Of course! -- Tip Under RedHat and Mandriva, the max log level that is sent to the console is specified in /etc/sysconfig/init in the LOGLEVEL variable. Set #8220;LOGLEVEL=5#8221; to suppress info (log level 6) messages on the console. -- It makes perfect sense now that I put two and two together! So if I configure Shorewall with level 6 (info) then setting LOGLEVEL=5 (notice in /etc/sysconfig/init) would suppress these to console. Your instructions state this clearly, but I just didn't put the two together. So I changed /etc/sysconfig/init to LOGLEVEL=2 and even rebooted the machine. But these messages are still dumping to the console. I've been using Shorewall for many years. In the last couple of months I upgraded my desktop to Fedora 7. Installed Shorewall first thing. But since now everything is in graphic mode (run level 5), I never noticed anything on the console because I never see it. But now that I put together a new server with CentOS-5 and changed it to runlevel 3, all Shorewall messages are directed to console. No other messages are dumped there, just Shorewall. If I log in from another box using SSH, no shorewall messages are seen. But as soon as I go back to the server room, Shorewall messages are scattered on the server's console (login prompt). It's weired don't you think? Since it's a test box I'll send everything to /dev/null and see what happens. Thanks again, John J and T wrote: Thanks for the reply Tom. All mine show log level 3 Wait a minute -- if you have level 3 configured in Shorewall then you must set LOGLEVEL=2 in /etc/sysconfig/init in order to suppress the messages being written to the console. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key signature.asc - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users _ A new home for Mom, no cleanup required. All starts here. http://www.reallivemoms.com?ocid=TXT_TAGHMloc=us - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users