J and T wrote: > Using: > > shorewall-perl-4.0.1-2 > shorewall-4.0.1-2 > > I have tried everything that I can think of to stop shorewall from > puking to the console.
Shorewall is not writing anything to your console. It is klogd that is writing to your console. Shorewall has no control over where particular log messages are written. Shorewall itself only generates a log message during start, restart, stop, etc. > I get dozens if not hundreds of these directed to > the console: > > Aug 6 07:34:13 backup kernel: Shorewall:net2all:DROP:IN=eth0 OUT= > MAC=00:30:48:2f:a5:ca:00:06:53:10:18:01:08:00 SRC=124.205.138.109 > DST=xx.xx.xxx.46 LEN=404 TOS=0x00 PREC=0x20 TTL=108 ID=21755 PROTO=UDP > SPT=1031 DPT=1434 LEN=384 Shorewall FAQ 17 will tell you that this is a message generated by your net->all entry in /etc/shorewall/policy. > > I've implemented everything here (CentOS-5): > http://www.shorewall.net/FAQ.htm#faq16 > > Tip > > Under RedHat and Mandriva, the max log level that is sent to the console > is specified in /etc/sysconfig/init in the LOGLEVEL variable. Set > “LOGLEVEL=5” to suppress info (log level 6) messages on the > console. > > /etc/sysconfig/init > LOGLEVEL=5 > > /etc/rc.d/rc.sysinit > # Fix console loglevel > if [ -n "$LOGLEVEL" ]; then > /bin/dmesg -n $LOGLEVEL > fi > > I've rebooted, made sure all "*_LOGLEVEL=" in shorewall.conf are empty, > LOG_MARTIANS=No and so on, but everything that is logged to kernel.log > is echoed to the console. Again -- This is not a really a Shorewall issue. Furthermore, some of the LOGLEVEL= settings have a non-empty default so if you set them to empty, they will default to some non-empty level. So the only way that you will be able to suppress those messages using Shorewall configuration changes is to set them to 'debug'. > > Obviously I must be doing something wrong, but for the life of me I > can't figure out what it would be. > Given that twiddling dmesg on your Distribution didn't suppress log level 6 messages being written to the console, you will need to look at your klogd configuration. You have all of the initialization scripts there on your system so you will need to determine how they work. Then with the help of 'man klogd' you should be able to determine how to change the klogd configuration appropriately. I suspect that the hints in FAQ 16 for the other distributions will be helpful. And when you solve the problem, please report back with the solution so we can update the Hints in the FAQ. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
