Re: [Shorewall-users] Can't seem to stop console messages

2007-08-07 Thread Tom Eastep 
J and T wrote:
 No other messages are dumped there, just Shorewall. If 
 I log in from another box using SSH, no shorewall messages are seen. But as 
 soon as I go back to the server room, Shorewall messages are scattered on 
 the server's console (login prompt).
 
 It's weired don't you think?

Not especially, given that you are using such a high priority (level) for
Netfilter messages. I imagine that those are the only messages being logged
with priority 0-3.

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



signature.asc
Description: OpenPGP digital signature
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Can't seem to stop console messages

2007-08-07 Thread Tom Eastep 
J and T wrote:


 
 I think the most confusing part about all this is how many different 
 configuration files make up the logging. The biggest problem is in the 
 naming of their files:
 
 /etc/syslog.conf - you would think it would be done here. After all, this 
 is the conf file.
 
 /etc/sysconfig/syslog - while it doesn't state conf, it is indeed the 
 configuration file you need to be working on. This exists at least as far 
 back as Red Hat 7.3.
 

The .conf files configure the services themselves. The /etc/sysconfig/ files
(/etc/default/ under Debian and derivatives) configure the startup of
services by the init system.

The .conf files are typically supplied by the individual products. The files
in /etc/sysconfig (/etc/default/) are typically supplied by the distribution
since there is little standardization between the distros regarding init.

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



signature.asc
Description: OpenPGP digital signature
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Can't seem to stop console messages

2007-08-06 Thread Joerg Mertin 
It's what is defined as console at boot-up that got sent all debug
message...
This one is usually set by the kernel or ulog upon booting - and on the
boot-prompt, you tell the kernel where to send the log-messages. By
default it goes to console.

I'm using it actually quite heavily on my servers - to redirect output
to a serial-device...

In my grub boot-prompt, here is what I have:
title   Ubuntu, 2.6.15-28-686 (hd0,0)
root(hd0,0)
kernel  /vmlinuz-2.6.15-28-686 root=/dev/md1 ro resume=/dev/md5\
console=tty0 console=ttyS0,115200n8
initrd  /initrd.img-2.6.15-28-686
savedefault
boot

Here you can see that I have a console=ttyS0 and console=tty0 giving me
the possibility upon boot to select the kernel to boot through serial
console or console directly.
Note that dmesg message will always be sent to the last entry in the line.

Try playing with this a little ...
Cheers

Joerg

J and T wrote:
 Using:
 
 shorewall-perl-4.0.1-2
 shorewall-4.0.1-2
 
 I have tried everything that I can think of to stop shorewall from
 puking to the console. I get dozens if not hundreds of these directed to
 the console:
 
 Aug  6 07:34:13 backup kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
 MAC=00:30:48:2f:a5:ca:00:06:53:10:18:01:08:00 SRC=124.205.138.109
 DST=xx.xx.xxx.46 LEN=404 TOS=0x00 PREC=0x20 TTL=108 ID=21755 PROTO=UDP
 SPT=1031 DPT=1434 LEN=384
 
 Aug  6 07:47:48 backup kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
 MAC=00:30:48:2f:a5:ca:00:06:53:10:18:01:08:00 SRC=193.251.8.253
 DST=xx.xx.xxx.46 LEN=60 TOS=0x00 PREC=0x20 TTL=47 ID=416 DF PROTO=TCP
 SPT=38770 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
 
 I've implemented everything here (CentOS-5):
 http://www.shorewall.net/FAQ.htm#faq16
 
 Tip
 
 Under RedHat and Mandriva, the max log level that is sent to the console
 is specified in /etc/sysconfig/init in the LOGLEVEL variable. Set
 #8220;LOGLEVEL=5#8221; to suppress info (log level 6) messages on the
 console.
 
 /etc/sysconfig/init
 LOGLEVEL=5
 
 /etc/rc.d/rc.sysinit
 # Fix console loglevel
 if [ -n $LOGLEVEL ]; then
/bin/dmesg -n $LOGLEVEL
 fi
 
 I've rebooted, made sure all *_LOGLEVEL= in shorewall.conf are empty,
 LOG_MARTIANS=No and so on, but everything that is logged to kernel.log
 is echoed to the console.
 
 Obviously I must be doing something wrong, but for the life of me I
 can't figure out what it would be.
 
 Thanks for any help,
 John

-- 

| Joerg Mertin  :  [EMAIL PROTECTED](Home)|
| in Forchheim/Germany  :  [EMAIL PROTECTED]  (Alt1)|
| Stardust's LiNUX System   :  |
| Web: http://www.solsys.org   |

PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Can't seem to stop console messages

2007-08-06 Thread Tom Eastep 
J and T wrote:
 Using:
 
 shorewall-perl-4.0.1-2
 shorewall-4.0.1-2
 
 I have tried everything that I can think of to stop shorewall from
 puking to the console.

Shorewall is not writing anything to your console. It is klogd that is
writing to your console. Shorewall has no control over where particular log
messages are written. Shorewall itself only generates a log message during
start, restart, stop, etc.

 I get dozens if not hundreds of these directed to
 the console:
 
 Aug  6 07:34:13 backup kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
 MAC=00:30:48:2f:a5:ca:00:06:53:10:18:01:08:00 SRC=124.205.138.109
 DST=xx.xx.xxx.46 LEN=404 TOS=0x00 PREC=0x20 TTL=108 ID=21755 PROTO=UDP
 SPT=1031 DPT=1434 LEN=384

Shorewall FAQ 17 will tell you that this is a message generated by your
net-all entry in /etc/shorewall/policy.

 
 I've implemented everything here (CentOS-5):
 http://www.shorewall.net/FAQ.htm#faq16
 
 Tip
 
 Under RedHat and Mandriva, the max log level that is sent to the console
 is specified in /etc/sysconfig/init in the LOGLEVEL variable. Set
 #8220;LOGLEVEL=5#8221; to suppress info (log level 6) messages on the
 console.
 
 /etc/sysconfig/init
 LOGLEVEL=5
 
 /etc/rc.d/rc.sysinit
 # Fix console loglevel
 if [ -n $LOGLEVEL ]; then
/bin/dmesg -n $LOGLEVEL
 fi
 
 I've rebooted, made sure all *_LOGLEVEL= in shorewall.conf are empty,
 LOG_MARTIANS=No and so on, but everything that is logged to kernel.log
 is echoed to the console.

Again -- This is not a really a Shorewall issue. Furthermore, some of the
LOGLEVEL= settings have a non-empty default so if you set them to empty,
they will default to some non-empty level. So the only way that you will be
able to suppress those messages using Shorewall configuration changes is to
set them to 'debug'.

 
 Obviously I must be doing something wrong, but for the life of me I
 can't figure out what it would be.
 

Given that twiddling dmesg on your Distribution didn't suppress log level 6
messages being written to the console, you will need to look at your klogd
configuration. You have all of the initialization scripts there on your
system so you will need to determine how they work. Then with the help of
'man klogd' you should be able to determine how to change the klogd
configuration appropriately. I suspect that the hints in FAQ 16 for the
other distributions will be helpful.

And when you solve the problem, please report back with the solution so we
can update the Hints in the FAQ.

Thanks,
-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



signature.asc
Description: OpenPGP digital signature
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Can't seem to stop console messages

2007-08-06 Thread J and T 
I didn't mean to offend you Tom by saying Shorewall was puking on my 
console. I realize it is klogd. But I've been using Shorewall for years and 
now after upgrading only shorewall messages are being sent to the console. 
No other system messages are being sent to the console so I was confused as 
to why only Shorewall. I still can't figure it out. I thought that possibly 
Shorewall was sending this as critical and that's why it was seen on the 
console.


Anyway I'm sorry to have said something that I shouldn't have. I'll try to 
track down the problem myself.


Regards,
John



J and T wrote:

 Using:

 shorewall-perl-4.0.1-2
 shorewall-4.0.1-2

 I have tried everything that I can think of to stop shorewall from
 puking to the console.

Shorewall is not writing anything to your console. It is klogd that is
writing to your console. Shorewall has no control over where particular log
messages are written. Shorewall itself only generates a log message during
start, restart, stop, etc.

 I get dozens if not hundreds of these directed to
 the console:

 Aug  6 07:34:13 backup kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
 MAC=00:30:48:2f:a5:ca:00:06:53:10:18:01:08:00 SRC=124.205.138.109
 DST=xx.xx.xxx.46 LEN=404 TOS=0x00 PREC=0x20 TTL=108 ID=21755 PROTO=UDP
 SPT=1031 DPT=1434 LEN=384

Shorewall FAQ 17 will tell you that this is a message generated by your
net-all entry in /etc/shorewall/policy.


 I've implemented everything here (CentOS-5):
 http://www.shorewall.net/FAQ.htm#faq16

 Tip

 Under RedHat and Mandriva, the max log level that is sent to the console
 is specified in /etc/sysconfig/init in the LOGLEVEL variable. Set
 #8220;LOGLEVEL=5#8221; to suppress info (log level 6) messages on the
 console.

 /etc/sysconfig/init
 LOGLEVEL=5

 /etc/rc.d/rc.sysinit
 # Fix console loglevel
 if [ -n $LOGLEVEL ]; then
/bin/dmesg -n $LOGLEVEL
 fi

 I've rebooted, made sure all *_LOGLEVEL= in shorewall.conf are empty,
 LOG_MARTIANS=No and so on, but everything that is logged to kernel.log
 is echoed to the console.

Again -- This is not a really a Shorewall issue. Furthermore, some of the
LOGLEVEL= settings have a non-empty default so if you set them to empty,
they will default to some non-empty level. So the only way that you will be
able to suppress those messages using Shorewall configuration changes is to
set them to 'debug'.


 Obviously I must be doing something wrong, but for the life of me I
 can't figure out what it would be.


Given that twiddling dmesg on your Distribution didn't suppress log level 6
messages being written to the console, you will need to look at your klogd
configuration. You have all of the initialization scripts there on your
system so you will need to determine how they work. Then with the help of
'man klogd' you should be able to determine how to change the klogd
configuration appropriately. I suspect that the hints in FAQ 16 for the
other distributions will be helpful.

And when you solve the problem, please report back with the solution so we
can update the Hints in the FAQ.

Thanks,
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key





 signature.asc 






-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/




___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users


_
Find a local pizza place, movie theater, and moreĀ….then map the best route! 
http://maps.live.com/default.aspx?v=2ss=yp.bars~yp.pizza~yp.movie%20theatercp=42.358996~-71.056691style=rlvl=13tilt=-90dir=0alt=-1000scene=950607encType=1FORM=MGAC01



-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Can't seem to stop console messages

2007-08-06 Thread Tom Eastep 
J and T wrote:
 I didn't mean to offend you Tom by saying Shorewall was puking on my
 console.

John,

No offense was taken. I just wanted it to be clear, both to you and to
future readers of this thread, that control of logging is outside of Shorewall.

 I realize it is klogd. But I've been using Shorewall for years
 and now after upgrading only shorewall messages are being sent to the
 console. No other system messages are being sent to the console so I was
 confused as to why only Shorewall. I still can't figure it out. I
 thought that possibly Shorewall was sending this as critical and
 that's why it was seen on the console.

You can check on what level Shorewall is setting in LOG messages by:

shorewall dump | grep LOG

Example:

0 0 LOG0--  *  *   0.0.0.0/0
0.0.0.0/0   LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 LOG0--  *  *   0.0.0.0/0
0.0.0.0/0   LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
...

The 'level 6' in these messages means log level 6 which is 'info'.

 
 Anyway I'm sorry to have said something that I shouldn't have. I'll try
 to track down the problem myself.
 

Not at all. I apologize if I gave that impression. In my own defense, I've
been up for most of the last 30 hours; I had a house guest become violently
ill last night and he ended up in the ICU at the local Hospital. So I'm a
little grumpy today.

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



signature.asc
Description: OpenPGP digital signature
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Can't seem to stop console messages

2007-08-06 Thread J and T 
Thanks for the reply Tom. All mine show log level 3 and I have kern.* sent 
to /var/log/kernel.log and nothing sent to console, but these are still sent 
to console which is strange.

I'm sure I'll figure it out somewhere down the road. It's all about 
syslog.conf I know. Something must have changed from previous old RH 
versions (ie, RH 7.3) because syslog.conf in all machines here are 
identical. However the other machines don't get hit on the console (except 
for *.emerg of course). Something's different and I have yet to find what it 
is.

I hope your house guest gets well.

Thanks again for your time and wonderful firewall,
John


J and T wrote:
  I didn't mean to offend you Tom by saying Shorewall was puking on my
  console.

John,

No offense was taken. I just wanted it to be clear, both to you and to
future readers of this thread, that control of logging is outside of 
Shorewall.

  I realize it is klogd. But I've been using Shorewall for years
  and now after upgrading only shorewall messages are being sent to the
  console. No other system messages are being sent to the console so I was
  confused as to why only Shorewall. I still can't figure it out. I
  thought that possibly Shorewall was sending this as critical and
  that's why it was seen on the console.

You can check on what level Shorewall is setting in LOG messages by:

   shorewall dump | grep LOG

Example:

 0 0 LOG0--  *  *   0.0.0.0/0
0.0.0.0/0   LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
 0 0 LOG0--  *  *   0.0.0.0/0
0.0.0.0/0   LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
...

The 'level 6' in these messages means log level 6 which is 'info'.

 
  Anyway I'm sorry to have said something that I shouldn't have. I'll try
  to track down the problem myself.
 

Not at all. I apologize if I gave that impression. In my own defense, I've
been up for most of the last 30 hours; I had a house guest become violently
ill last night and he ended up in the ICU at the local Hospital. So I'm a
little grumpy today.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



 signature.asc 




-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/


___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

_
Booking a flight? Know when to buy with airfare predictions on MSN Travel. 
http://travel.msn.com/Articles/aboutfarecast.aspxocid=T001MSN25A07001


-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Can't seem to stop console messages

2007-08-06 Thread Tom Eastep 
J and T wrote:
 Thanks for the reply Tom. All mine show log level 3 

Wait a minute -- if you have level 3 configured in Shorewall then you must
set LOGLEVEL=2 in /etc/sysconfig/init in order to suppress the messages
being written to the console.

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



signature.asc
Description: OpenPGP digital signature
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Can't seem to stop console messages

2007-08-06 Thread J and T 
Of course!

--
Tip

Under RedHat and Mandriva, the max log level that is sent to the console is 
specified in /etc/sysconfig/init in the LOGLEVEL variable. Set 
#8220;LOGLEVEL=5#8221; to suppress info (log level 6) messages on the 
console.
--

It makes perfect sense now that I put two and two together! So if I 
configure Shorewall with level 6 (info) then setting LOGLEVEL=5 (notice in 
/etc/sysconfig/init) would suppress these to console. Your instructions 
state this clearly, but I just didn't put the two together.

So I changed /etc/sysconfig/init to LOGLEVEL=2 and even rebooted the 
machine. But these messages are still dumping to the console.

I've been using Shorewall for many years. In the last couple of months I 
upgraded my desktop to Fedora 7. Installed Shorewall first thing. But since 
now everything is in graphic mode (run level 5), I never noticed anything on 
the console because I never see it. But now that I put together a new server 
with CentOS-5 and changed it to runlevel 3, all Shorewall messages are 
directed to console. No other messages are dumped there, just Shorewall. If 
I log in from another box using SSH, no shorewall messages are seen. But as 
soon as I go back to the server room, Shorewall messages are scattered on 
the server's console (login prompt).

It's weired don't you think? Since it's a test box I'll send everything to 
/dev/null and see what happens.

Thanks again,
John


J and T wrote:
  Thanks for the reply Tom. All mine show log level 3

Wait a minute -- if you have level 3 configured in Shorewall then you must
set LOGLEVEL=2 in /etc/sysconfig/init in order to suppress the messages
being written to the console.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



 signature.asc 




-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/


___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

_
A new home for Mom, no cleanup required. All starts here. 
http://www.reallivemoms.com?ocid=TXT_TAGHMloc=us


-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users