I configured Shorewall to log only REJECTed packets. It's doing fine, sending to /var/log/messages, BUT it's also sending to the console.

I checked a lot of things but the SYSLOG is totally default, out of box. It's a RedHat 7.2 plain (minimal) installation, totally updated via RHN (up2date), with the default syslog.conf.

I used the script below to test and only "emerg" priority was sent to the console. I'm using REJECT:info. And only Shorewall messages are going to the console.

Any idea ?

-Gilson

-------------------------------------------------------
# Log one test message for every facility/priority pair and see which
# of them syslogd routes to the console (bash brace expansion builds the lists).
for i in {auth,authpriv,cron,daemon,kern,lpr,mail,mark,news,syslog,user,uucp,local0,local1,local2,local3,local4,local5,local6,local7}
do
  for k in {debug,info,notice,warning,err,crit,alert,emerg}
  do
    logger -p "$i.$k" "Test message, facility $i priority $k"
  done
done
-------------------------------------------------------
On Wed, 8 May 2002, Gilson Soares wrote:

> I configured Shorewall to log only REJECTed packets.
> It's doing fine, sending to /var/log/messages, BUT it's also sending to the
> console.
>
> I checked a lot of things but the SYSLOG is totally default, out of box.
> It's a RedHat 7.2 plain (minimal) installation, totally updated via RHN
> (up2date), with the default syslog.conf.
>
> I used the script below to test and only "emerg" priority was sent to the
> console.
> I'm using REJECT:info. And only Shorewall messages are going to the console.
>
> Any idea ?
>

FAQ #16 -- http://www.shorewall.net/FAQ.htm#faq16

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
On Wed, 8 May 2002, Tom Eastep wrote:

> On Wed, 8 May 2002, Gilson Soares wrote:
>
> > I configured Shorewall to log only REJECTed packets.
> > It's doing fine, sending to /var/log/messages, BUT it's also sending to the
> > console.
> >
> > I checked a lot of things but the SYSLOG is totally default, out of box.
> > It's a RedHat 7.2 plain (minimal) installation, totally updated via RHN
> > (up2date), with the default syslog.conf.
> >
> > I used the script below to test and only "emerg" priority was sent to the
> > console.
> >

Unfortunately, logger and kernel printk use different mechanisms.

> > I'm using REJECT:info. And only Shorewall messages are going to the console.
> >
> > Any idea ?
> >
>
> FAQ #16 -- http://www.shorewall.net/FAQ.htm#faq16
>

In RH7.2, there's a file called /etc/sysconfig/init that sets a variable called LOGLEVEL. That is passed to dmesg in the rc.sysinit script. In my RH setup, it is set to 3.

You can see how the console is configured WRT kernel printk messages by:

[root@gateway sysconfig]# cat /proc/sys/kernel/printk
3 4 1 7
[root@gateway sysconfig]#

The four numbers are:

- console_loglevel: messages with a higher priority than this will be printed to the console
- default_message_level: messages without an explicit priority will be printed with this priority
- minimum_console_loglevel: minimum (highest) value to which console_loglevel can be set
- default_console_loglevel: default value for console_loglevel

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
You can also quickly verify that Shorewall is setting the log level correctly:

[root@gateway sysconfig]# shorewall status | grep LOG
    0     0 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    0     0 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    0     0 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    0     0 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    0     0 LOG  tcp  --  *  *  0.0.0.0/0  0.0.0.0/0  state NEW tcp spt:20 dpts:1024:65535 LOG flags 0 level 6 prefix `Shorewall:dmz2net:ACCEPT:'
    0     0 LOG  tcp  --  *  *  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:6667 LOG flags 0 level 6 prefix `Shorewall:loc2net:REJECT:'
    0     0 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
    4   188 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
    0     0 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
[root@gateway sysconfig]# ls /proc/sys

The "level 6" corresponds to INFO (see "man syslog").

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
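The two posts above give everything needed to check this mechanically: the first field of /proc/sys/kernel/printk is console_loglevel, and each LOG rule carries the numeric syslog level (6 = info) that Netfilter hands to printk. The script below is an added example, not Shorewall code and not from the list; it parses a constructed copy of the "shorewall status | grep LOG" listing (the level-4 line in it is invented to show a second level), takes the printk values "3 4 1 7" and "7 4 1 7" from the thread as constructed inputs, and reports which LOG levels would reach the console under each. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not Shorewall code, not from the list posts): decide whether
# Netfilter LOG rules will be echoed to the console, from the four fields of
# /proc/sys/kernel/printk and the "level N" in an iptables LOG rule listing.

# Map a syslog priority name (the level part of REJECT:info etc.) to the
# number that iptables -j LOG passes to printk; numbering as in syslog(3).
syslog_level() {
    case "$1" in
        emerg|panic)  echo 0 ;;
        alert)        echo 1 ;;
        crit)         echo 2 ;;
        err|error)    echo 3 ;;
        warning|warn) echo 4 ;;
        notice)       echo 5 ;;
        info)         echo 6 ;;
        debug)        echo 7 ;;
        [0-7])        echo "$1" ;;
        *)            return 1 ;;
    esac
}

# $1: contents of /proc/sys/kernel/printk, e.g. "7 4 1 7"; $2: message level.
# The kernel copies a message to the console only when its level is
# numerically LOWER than console_loglevel (first field): a smaller
# console_loglevel means a quieter console.  Exit status 0 = reaches console.
hits_console() {
    console_loglevel=$(printf '%s\n' "$1" | awk '{print $1}')
    [ "$2" -lt "$console_loglevel" ]
}

# Distinct "level N" values found in an iptables/shorewall LOG listing.
log_levels_in() {
    printf '%s\n' "$1" | sed -n 's/.*LOG flags [0-9]* level \([0-7]\).*/\1/p' | sort -u
}

# LOG levels present in listing $2 that reach the console under printk value $1.
console_levels() {
    for lvl in $(log_levels_in "$2"); do
        if hits_console "$1" "$lvl"; then
            printf '%s\n' "$lvl"
        fi
    done
}

# The command that sets console_loglevel to $1 (the dmesg -n call rc.sysinit
# makes with LOGLEVEL from /etc/sysconfig/init).  Messages at level $1 and
# above (less severe) then stay off the console.
quiet_console_cmd() {
    echo "dmesg -n $1"
}

# Constructed sample in the format of "shorewall status | grep LOG";
# the level-4 line is invented here so that two levels are present.
SAMPLE_RULES=$(cat <<'EOF'
    0     0 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    4   188 LOG  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
    0     0 LOG  tcp  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 4 prefix `Shorewall:loc2net:REJECT:'
EOF
)

# Stand-alone run: the two printk settings seen in the thread (constructed
# inputs, not read from this machine), then the live value if there is one.
for pk in "7 4 1 7" "3 4 1 7"; do
    echo "printk '$pk': LOG levels reaching the console:" $(console_levels "$pk" "$SAMPLE_RULES")
done
if [ -r /proc/sys/kernel/printk ]; then
    live=$(cat /proc/sys/kernel/printk)
    if hits_console "$live" "$(syslog_level info)"; then
        echo "live printk '$live': REJECT:info will hit the console; fix: $(quiet_console_cmd 3)"
    else
        echo "live printk '$live': REJECT:info stays off the console"
    fi
fi
```

With "7 4 1 7" both level 4 and level 6 messages reach the console (everything below 7), which is the situation Gilson describes; with the Red Hat default "3 4 1 7" only emerg, alert and crit do. The same change can be made persistently with sysctl (kernel.printk="3 4 1 7") rather than dmesg -n, and the value is worth checking after any package that touches console logging, since the thread shows it can drift without an obvious culprit.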
At 11:02 AM 5/8/2002 -0700, Tom Eastep wrote:

> On Wed, 8 May 2002, Tom Eastep wrote:
>
> > On Wed, 8 May 2002, Gilson Soares wrote:
> >
> > > I configured Shorewall to log only REJECTed packets.
> > > It's doing fine, sending to /var/log/messages, BUT it's also sending
> > > to the console.
> > >
> > > I checked a lot of things but the SYSLOG is totally default, out of box.
> > > It's a RedHat 7.2 plain (minimal) installation, totally updated via RHN
> > > (up2date), with the default syslog.conf.
> > >
> > > I used the script below to test and only "emerg" priority was sent
> > > to the console.
> > >
>
> Unfortunately, logger and kernel printk use different mechanisms.
>
> > > I'm using REJECT:info. And only Shorewall messages are going to the
> > > console.
> > >
> > > Any idea ?
> > >
> >
> > FAQ #16 -- http://www.shorewall.net/FAQ.htm#faq16
> >
>
> In RH7.2, there's a file called /etc/sysconfig/init that sets a variable
> called LOGLEVEL. That is passed to dmesg in the rc.sysinit script. In my
> RH setup, it is set to 3.
>
> You can see how the console is configured WRT kernel printk messages by:
>
> [root@gateway sysconfig]# cat /proc/sys/kernel/printk
> 3 4 1 7
> [root@gateway sysconfig]#

My RH is:

7 4 1 7

So, as directed in the FAQ (man dmesg), I issued:

dmesg -l 3

WORKED! But don't ask me HOW or WHEN or WHO changed this value. Maybe another app (bind, squid, httpd). Anyway......

I just want to know why only syslog messages about Shorewall (iptables) were going to the console?

Thanks

-Gilson
On Wed, 8 May 2002, Gilson Soares wrote:

>
> I just want to know why only syslog messages about Shorewall (iptables) were
> going to the console?
>

Once your system is booted, Netfilter is about the only kernel component that calls printk with any frequency. Note that I said "Netfilter" because that is who is actually creating the messages; Shorewall itself only logs messages when it is starting, stopping, etc.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
At 5/8/2002 08:06 PM, Tom Eastep wrote:

> On Wed, 8 May 2002, Gilson Soares wrote:
>
> >
> > I just want to know why only syslog messages about Shorewall (iptables) were
> > going to the console?
> >
>
> Once your system is booted, Netfilter is about the only kernel component
> that calls printk with any frequency. Note that I said "Netfilter" because
> that is who is actually creating the messages; Shorewall itself only logs
> messages when it is starting, stopping, etc.

That's right. Only Netfilter messages were sent to the console. Shorewall start/stop messages went to /var/log/messages only.

-Gilson