On Fri, 5 Apr 2002, Gar Nelson wrote:> Tom Eastep wrote: > > > > What I was suggesting is that you: > > > > /etc/init.d/shorewall start > /tmp/shorewall.log 2>&1 > > > > or something similar. > > Not to be a twit or anything, but.... > > /etc/rc3.d/S25shorewall is a link to /etc/rc.d/init.d/shorewall > > Redhat fires up and looks for its run level, 3 in my case, then geos to > rc3.d and executes all the scripts that start with a capital S. That > causes shorewall to run, but it does so without a command tail of > "start" or anything else, right? The actual "shorewall start" is buried > in the shorewall script in /etc/rc.d/init.dSysVInit is smart enough to append "start" when it wants to start a service.> > Now I can understand if I change the file in rc3.d to K25shorewall, and > then edit /etc/rc.d/rc.local to run /etc/rc3.d/init.d/shorewall start > > /tmp/shorewall.log 2>&1 > I can see that would work, but it would also cause shorewall to be one > of the last processes brought up. Isn''t that a bad thing? > > I''m not trying to be dense. I''m sending off most of my paycheck to Tim > O''Reilly to populate my book shelf, and subscribing to SysAdmin, Linux > Journal, and Linux Magazine. I''m working on my "Networking 101" self > study program, but realistically I''m not at the graduate level yet. > > Anyway, thanks for your help and the fine program.Please remind us again -- what problem are you trying to solve here? -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
I guess I''m guilty of trimming my messages too much. <s> Tom Eastep wrote:> > On Fri, 5 Apr 2002, Gar Nelson wrote: > > > Tom Eastep wrote: > > > > > > What I was suggesting is that you: > > > > > > /etc/init.d/shorewall start > /tmp/shorewall.log 2>&1 > > > > > > or something similar. > > > > Not to be a twit or anything, but.... > > > > /etc/rc3.d/S25shorewall is a link to /etc/rc.d/init.d/shorewall > > > > Redhat fires up and looks for its run level, 3 in my case, then geos to > > rc3.d and executes all the scripts that start with a capital S. That > > causes shorewall to run, but it does so without a command tail of > > "start" or anything else, right? The actual "shorewall start" is buried > > in the shorewall script in /etc/rc.d/init.d > > SysVInit is smart enough to append "start" when it wants to start a > service. > > > Now I can understand if I change the file in rc3.d to K25shorewall, and > > then edit /etc/rc.d/rc.local to run /etc/rc3.d/init.d/shorewall start > > > /tmp/shorewall.log 2>&1 > > I can see that would work, but it would also cause shorewall to be one > > of the last processes brought up. Isn''t that a bad thing? > > > > I''m not trying to be dense. I''m sending off most of my paycheck to Tim > > O''Reilly to populate my book shelf, and subscribing to SysAdmin, Linux > > Journal, and Linux Magazine. I''m working on my "Networking 101" self > > study program, but realistically I''m not at the graduate level yet. > > > > Anyway, thanks for your help and the fine program. > > Please remind us again -- what problem are you trying to solve here?Another guy brought up that he was getting STDERR messages all over his terminal screen when running shorewall. I''m guessing that he is also using his box as a workstation? I can see how that would be a bit disrupting. In my case, the shorewall system is dedicated, but it normally doesn''t have a screen attached to it. (kvm switch shared with a bunch of other servers). 99.9% of the time, no one will see the shorewall screen here. The error messages don''t bother me in a using the machine sense, but maybe there is something there I should see. So the question is, redirecting that STDERR to a file, and still starting up shorewall automatically at boot. /etc/init.d/shorewall start > /var/log/shorewall.log 2>&1 will work if you disable the regular sysVinit call via symbolic link in /etc/rc3.d or /etc/rc5.d and instead place the call in /etc/rc.d/rc.local That accomplishes the mission, getting shorewall to start automatically, with STDERR redirected, but it also starts shorewall last. One of the benifits of Tom''s shorewall is that you can start it before the network comes up, however, using rc.local removes that possibility. If you''re using the symbolic link in /etc/rc3.d or /etc/rc5.d, then sysVinit supplies the "start". So how do you supply the rest of the tail? "> /var/log/shorewall.log 2>&1" Is it possible?
> -----Original Message----- > From: Gar Nelson [mailto:gar.nelson@noaa.gov] > Sent: Friday, April 05, 2002 5:09 PM > To: Shorewall Users > Subject: Re: [Shorewall-users] STDERR messages (fwd) > > If you''re using the symbolic link in /etc/rc3.d or /etc/rc5.d, then > sysVinit supplies the "start". So how do you supply the rest of the > tail? "> /var/log/shorewall.log 2>&1" Is it possible? >Are you sure /etc/syslog.conf does not contain the line... kern.* /dev/console or something similar that is redirecting log messages to the console? Steve Cowles
Hi all, The answer was given for this problem of stderr all over the screen - no I am not using this as a workstation 8^/ Use dmesg -n1 to disable the spew. Regards, Christopher -----Original Message----- From: Gar Nelson [mailto:gar.nelson@noaa.gov] Sent: Friday, April 05, 2002 6:09 PM To: Shorewall Users Subject: Re: [Shorewall-users] STDERR messages (fwd) I guess I''m guilty of trimming my messages too much. <s> Tom Eastep wrote:>=20 > On Fri, 5 Apr 2002, Gar Nelson wrote: >=20 > > Tom Eastep wrote: > > > > > > What I was suggesting is that you: > > > > > > /etc/init.d/shorewall start > /tmp/shorewall.log 2>&1 > > > > > > or something similar. > > > > Not to be a twit or anything, but.... > > > > /etc/rc3.d/S25shorewall is a link to /etc/rc.d/init.d/shorewall > > > > Redhat fires up and looks for its run level, 3 in my case, then geosto> > rc3.d and executes all the scripts that start with a capital S.That> > causes shorewall to run, but it does so without a command tail of > > "start" or anything else, right? The actual "shorewall start" isburied> > in the shorewall script in /etc/rc.d/init.d >=20 > SysVInit is smart enough to append "start" when it wants to start a > service. >=20 > > Now I can understand if I change the file in rc3.d to K25shorewall,and> > then edit /etc/rc.d/rc.local to run /etc/rc3.d/init.d/shorewallstart >> > /tmp/shorewall.log 2>&1 > > I can see that would work, but it would also cause shorewall to beone> > of the last processes brought up. Isn''t that a bad thing? > > > > I''m not trying to be dense. I''m sending off most of my paycheck toTim> > O''Reilly to populate my book shelf, and subscribing to SysAdmin,Linux> > Journal, and Linux Magazine. I''m working on my "Networking 101" self > > study program, but realistically I''m not at the graduate level yet. > > > > Anyway, thanks for your help and the fine program. >=20 > Please remind us again -- what problem are you trying to solve here?Another guy brought up that he was getting STDERR messages all over his terminal screen when running shorewall. I''m guessing that he is also using his box as a workstation? I can see how that would be a bit disrupting.=20 In my case, the shorewall system is dedicated, but it normally doesn''t have a screen attached to it. (kvm switch shared with a bunch of other servers). 99.9% of the time, no one will see the shorewall screen here. The error messages don''t bother me in a using the machine sense, but maybe there is something there I should see.=20 So the question is, redirecting that STDERR to a file, and still starting up shorewall automatically at boot. /etc/init.d/shorewall start > /var/log/shorewall.log 2>&1 will work if you disable the regular sysVinit call via symbolic link in /etc/rc3.d or /etc/rc5.d and instead place the call in /etc/rc.d/rc.local That accomplishes the mission, getting shorewall to start automatically, with STDERR redirected, but it also starts shorewall last. One of the benifits of Tom''s shorewall is that you can start it before the network comes up, however, using rc.local removes that possibility.=20 If you''re using the symbolic link in /etc/rc3.d or /etc/rc5.d, then sysVinit supplies the "start". So how do you supply the rest of the tail? "> /var/log/shorewall.log 2>&1" Is it possible?
"Cowles, Steve" wrote:> > -----Original Message----- > > From: Gar Nelson [mailto:gar.nelson@noaa.gov] > > Sent: Friday, April 05, 2002 5:09 PM > > To: Shorewall Users > > Subject: Re: [Shorewall-users] STDERR messages (fwd) > > > > If you''re using the symbolic link in /etc/rc3.d or /etc/rc5.d, then > > sysVinit supplies the "start". So how do you supply the rest of the > > tail? "> /var/log/shorewall.log 2>&1" Is it possible? > > > > Are you sure /etc/syslog.conf does not contain the line... > > kern.* /dev/console > > or something similar that is redirecting log messages to the console?Indeed. On my (Red Hat 7.2) boxes, shorewall starts up silently every time, with no special action taken. BTW, may i recommend that in /etc/syslog.conf, you put something like this? *.info /dev/tty12 That makes messages go not to the currently selected virtual console but to a fixed one (VC 12). This means that you can press Alt-F12 to see your current messages. Mandrake do this in their default install, and i''ve found it very helpful. Paul http://paulgear.webhop.net
On Fri, 5 Apr 2002, Gar Nelson wrote:> I guess I''m guilty of trimming my messages too much. <s> > > Another guy brought up that he was getting STDERR messages all over his > terminal screen when running shorewall. I''m guessing that he is also > using his box as a workstation? I can see how that would be a bit > disrupting. >Two things about the initial report: a) The fellow was trying to create a "Linux from Scratch" router. b) His complaint was that if his Shorewall configuration was wrong then the STDERR messages messed up his display. The obvious solution to that problem was "fix your Shorewall configuration" or modify the way you are starting it to redirect standard error.> In my case, the shorewall system is dedicated, but it normally doesn''t > have a screen attached to it. (kvm switch shared with a bunch of other > servers). 99.9% of the time, no one will see the shorewall screen here. > The error messages don''t bother me in a using the machine sense, but > maybe there is something there I should see. > > So the question is, redirecting that STDERR to a file, and still > starting up shorewall automatically at boot.Again, I think this is a tempest in a teapot -- if you don''t like Shorewall''s STDERR messages then fix your Shorewall configuration so that the messages no longer occur.> > /etc/init.d/shorewall start > /var/log/shorewall.log 2>&1 will work if > you disable the regular sysVinit call via symbolic link in /etc/rc3.d or > /etc/rc5.d and instead place the call in /etc/rc.d/rc.local That > accomplishes the mission, getting shorewall to start automatically, with > STDERR redirected, but it also starts shorewall last. > > One of the benifits of Tom''s shorewall is that you can start it before > the network comes up, however, using rc.local removes that possibility. > > If you''re using the symbolic link in /etc/rc3.d or /etc/rc5.d, then > sysVinit supplies the "start". So how do you supply the rest of the > tail? "> /var/log/shorewall.log 2>&1" Is it possible?Again -- fix you Shorewall configuration so that there are no error messages. Remember that Shorewall isn''t something that runs continuously in your system -- it''s a tool for configuring NetFilter and once NetFilter is configured, Shorewall''s job is done (until you want to change or stop your configuration). -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net