I realize that this is probably a pathetically simple issue but..... I am running Shorewall 4.4.2.2 on a CentOS 5.3 64-bit box. I have read the FAQ on this subject and I can''t find any loglevels that are anything but ''info''. The output of ''cat /proc/sys/kernel/printk'' is ''6 4 1 7'' so that shouldn''t be causing the problem either, nevertheless I am getting a lot of Shorewall n2fw messages originating from ''net'' to ''$FW'' that are appearing on the console. sysctl.conf is showing that only kernel messages are written to ''/dev/console''. Scott Ackerman Usable Web Solutions 1212 Baker Street Fort Collins, Colorado 80524 970-689-3999 www.us-able.com <http://www.us-able.com/> "Design is not just what it looks like and feels like. Design is how it works" - Steve Jobs ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Ackerman wrote:> I realize that this is probably a pathetically simple issue but..... I > am running Shorewall 4.4.2.2 on a CentOS 5.3 64-bit box. I have read the > FAQ on this subject and I can''t find any loglevels that are anything but > ''info''. The output of ''cat /proc/sys/kernel/printk'' is ''6 4 1 7'' so that > shouldn''t be causing the problem either, nevertheless I am getting a lot > of Shorewall n2fw messages originating from ''net'' to ''$FW'' that are > appearing on the console. sysctl.conf is showing that only kernel > messages are written to ''/dev/console''.Well, Netfilter message *are kernel messages*. Beyond that, I don''t know what to tell you: [root@centos shorewall]# cat /etc/redhat-release CentOS release 5.3 (Final) [root@centos shorewall]# cat /proc/sys/kernel/printk 6 4 1 7 [root@centos shorewall]# shorewall show log Shorewall 4.4.2.3 Log (/var/log/messages) at centos.shorewall.net - Wed Oct 21 15:54:05 PDT 2009 Counters reset Wed Oct 21 15:49:36 PDT 2009 Oct 21 15:50:03 net2fw:DROP:IN=eth0 OUT= SRC=172.20.1.254 DST=172.20.1.136 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=27458 DF PROTO=TCP SPT=33048 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 Oct 21 15:50:06 net2fw:DROP:IN=eth0 OUT= SRC=172.20.1.254 DST=172.20.1.136 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=27459 DF PROTO=TCP SPT=33048 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 [root@centos shorewall]# Yet no messages appeared on the console. Maybe someone who is more familiar with CentOS/RHEL5 releases can be of more help. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/ iD8DBQFK35JqO/MAbZfjDLIRAiEgAKCLKiKUUhKyGrs8PEwZCU1gFJ1E4ACfcBDJ pPqmNidn54/8x70s+v/drfI=UnnI -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
Tom Eastep wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Scott Ackerman wrote: > >> I realize that this is probably a pathetically simple issue but..... I >> am running Shorewall 4.4.2.2 on a CentOS 5.3 64-bit box. I have read the >> FAQ on this subject and I can''t find any loglevels that are anything but >> ''info''. The output of ''cat /proc/sys/kernel/printk'' is ''6 4 1 7'' so that >> shouldn''t be causing the problem either, nevertheless I am getting a lot >> of Shorewall n2fw messages originating from ''net'' to ''$FW'' that are >> appearing on the console. sysctl.conf is showing that only kernel >> messages are written to ''/dev/console''. >> > > Well, Netfilter message *are kernel messages*. > > Beyond that, I don''t know what to tell you: > > [root@centos shorewall]# cat /etc/redhat-release > CentOS release 5.3 (Final) > [root@centos shorewall]# cat /proc/sys/kernel/printk > 6 4 1 7 > [root@centos shorewall]# shorewall show log > Shorewall 4.4.2.3 Log (/var/log/messages) at centos.shorewall.net - Wed > Oct 21 15:54:05 PDT 2009 > > Counters reset Wed Oct 21 15:49:36 PDT 2009 > > Oct 21 15:50:03 net2fw:DROP:IN=eth0 OUT= SRC=172.20.1.254 > DST=172.20.1.136 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=27458 DF PROTO=TCP > SPT=33048 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 > Oct 21 15:50:06 net2fw:DROP:IN=eth0 OUT= SRC=172.20.1.254 > DST=172.20.1.136 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=27459 DF PROTO=TCP > SPT=33048 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 > [root@centos shorewall]# > > Yet no messages appeared on the console. > > Maybe someone who is more familiar with CentOS/RHEL5 releases can be of > more help. > > - -Tom > - -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (GNU/Linux) > Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/ > > iD8DBQFK35JqO/MAbZfjDLIRAiEgAKCLKiKUUhKyGrs8PEwZCU1gFJ1E4ACfcBDJ > pPqmNidn54/8x70s+v/drfI> =UnnI > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >Something with selinux maybe? That wonderful service always seems to cause more problems than it fixes. The unofficial selinux faq recommends 7 7 1 7 to shut off console messages Does dmesg -n 1 stop it? Are you running auditd? http://www.crypt.gen.nz/selinux/faq.html#L.1 -- Keith Mitchell CTO Productivity Associates, Inc. 5625 Ruffin Rd STE 220 San Diego, CA 92123 858-495-3528 (Direct) 858-495-3540 (Fax) ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
Don''t know about CentOS, but in Debian the "log to console" bit is in the config for syslog (or whichever successor is installed). So option one is to disable logging to the console. An alternative is to use ULOG which I''m sure is documented on the Shorewall site somewhere. Another option might be to switch to something like syslog-ng where you have much more control over logging. I haven''t got into it yet, but I think you can filter logging by regular expression - and that would allow you to log kernel messages to console except for those starting with Shorewall. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
Keith Mitchell wrote:> Something with selinux maybe? That wonderful service always seems to > cause more problems than it fixes.> The unofficial selinux faq recommends 7 7 1 7 to shut off console > messages> Does dmesg -n 1 stop it?> Are you running auditd?> http://www.crypt.gen.nz/selinux/faq.html#L.1FWIW, I have SELinux configured in permissive mode on CentOS 5.3. And as I mentioned in an earlier post, I''m not seeing the problem. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
Thanks for the suggestions, I believe that I will configure ULOG, I was looking at that last evening and it seems it would be more convenient anyway.> -----Original Message----- > From: Tom Eastep [mailto:teastep@shorewall.net] > Sent: Thursday, October 22, 2009 8:40 AM > To: Shorewall Users > Subject: Re: [Shorewall-users] getting shorewall messages on console > > Keith Mitchell wrote: > > > > Something with selinux maybe? That wonderful service > always seems to > > cause more problems than it fixes. > > > The unofficial selinux faq recommends 7 7 1 7 to shut off console > > messages > > > Does dmesg -n 1 stop it? > > > Are you running auditd? > > > http://www.crypt.gen.nz/selinux/faq.html#L.1 > > FWIW, I have SELinux configured in permissive mode on CentOS > 5.3. And as I mentioned in an earlier post, I''m not seeing > the problem. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > >------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
On 22/10/09 03:54, Simon Hobson wrote:> An alternative is to use ULOGDistributions are gradually switching to rsyslog though. ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference