Re: iptables logging to console (all basic solutions have failed)
Hey Adam! I was right about to reply to that message, but you were faster at reposting my old reply to it! LOL it's great fun seeing your messages recycled :) Hope it helped (again) :) Miquel On Thu, Jun 14, 2001 at 09:55:28PM +1200, Adam Warner wrote: > This looks extremely fruitful. If it DOESN"T work I'll let the list know: > http://lists.debian.org/debian-user-0105/msg00052.html > > ---Begin Quote--- > > Hi there! > Sorry to bring up such an old threat, but I didn't see any solutions posted, > and I just found the cause. > > The problem was ipchains (or iptables) printing messages on the console no > matter how much you tried to make it shut up :) Well, I had the problem also > with smbmount. > > Anyway, the problem was that klogd is displaying on the console all the > messages with any priority greater than debug (7) (see man klogd). To keep > it from doing that, load it with "klogd -c 5" for example. That will log > only errors or highr priorities and will prevent the flooding! > > If you use debian, edit /etc/init.d/klogd and edit the line where it says: > KLOGD="" > to be > KLOGD="-c 4" > > Have fun! > Miquel > > ---End Quote--- > > And the follow up post was: > > ---Begin Quote--- > Thank you, thank you. > > I just checked to see if you had filed a bug report and found that the bug > (and the fix) had been filed 11 days ago. > > One good thing about this bug is that all those console messages about my > ipchains REJECTs and DENYs resulted in a better firewall. > > But why did it affect (apparently) only a handful of people? > > Lindsay > > ---End Quote--- > > > -Original Message- > From: Adam Warner [mailto:[EMAIL PROTECTED] > Sent: Thursday, 14 June 2001 7:33 p.m. > To: debian-user@lists.debian.org > Subject: iptables logging to console (all basic solutions have failed) > > Hi all, > > I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've > enabling logging with my iptables rules (at info and warn levels) every > single log is being output to the current console. > > At no point in /etc/syslog.conf do I have any logging to /dev/console. And > attempts to log to, say, /dev/tty8 work but continue to log to the current > console. > > Yes, I used apt-get install klogd after searching archives and finding that > this should be installed (I initially started a while ago with a floppy > install of 2.2r3). > > I've tried rebooting, restarting syskogd and klogd and finding messages in > the archives that go along the line of "yeah, this appears to be happening > to some people." > > As you can imagine, it's very easy for iptables logs to flood the console in > a second. > > Thanks, > Adam > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
RE: iptables logging to console (all basic solutions have failed)
This looks extremely fruitful. If it DOESN"T work I'll let the list know: http://lists.debian.org/debian-user-0105/msg00052.html ---Begin Quote--- Hi there! Sorry to bring up such an old threat, but I didn't see any solutions posted, and I just found the cause. The problem was ipchains (or iptables) printing messages on the console no matter how much you tried to make it shut up :) Well, I had the problem also with smbmount. Anyway, the problem was that klogd is displaying on the console all the messages with any priority greater than debug (7) (see man klogd). To keep it from doing that, load it with "klogd -c 5" for example. That will log only errors or highr priorities and will prevent the flooding! If you use debian, edit /etc/init.d/klogd and edit the line where it says: KLOGD="" to be KLOGD="-c 4" Have fun! Miquel ---End Quote--- And the follow up post was: ---Begin Quote--- Thank you, thank you. I just checked to see if you had filed a bug report and found that the bug (and the fix) had been filed 11 days ago. One good thing about this bug is that all those console messages about my ipchains REJECTs and DENYs resulted in a better firewall. But why did it affect (apparently) only a handful of people? Lindsay ---End Quote--- -Original Message- From: Adam Warner [mailto:[EMAIL PROTECTED] Sent: Thursday, 14 June 2001 7:33 p.m. To: debian-user@lists.debian.org Subject: iptables logging to console (all basic solutions have failed) Hi all, I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've enabling logging with my iptables rules (at info and warn levels) every single log is being output to the current console. At no point in /etc/syslog.conf do I have any logging to /dev/console. And attempts to log to, say, /dev/tty8 work but continue to log to the current console. Yes, I used apt-get install klogd after searching archives and finding that this should be installed (I initially started a while ago with a floppy install of 2.2r3). I've tried rebooting, restarting syskogd and klogd and finding messages in the archives that go along the line of "yeah, this appears to be happening to some people." As you can imagine, it's very easy for iptables logs to flood the console in a second. Thanks, Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: iptables logging to console (all basic solutions have failed)
Thanks John, OK I appended debug=0 to /etc/lilo.conf (append="debug=0"), re-run lilo and rebooted. And the outcome was not good. No services run. All I get is lots of errors: /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found /etc/init.d/rc: 0: command not found etc. Anyway, why would setting the level of debugging (which certainly didn't work here) have anything to do with whether messages go to the console or not? Thanks for trying. Regards, Adam -Original Message- From: John R Lenton [mailto:[EMAIL PROTECTED] Behalf Of John R Lenton Sent: Thursday, 14 June 2001 8:08 p.m. To: Adam Warner Cc: Debian User Mailing List Subject: Re: iptables logging to console (all basic solutions have failed) On Thu, Jun 14, 2001 at 07:32:46PM +1200, Adam Warner wrote: > Hi all, > > I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've > enabling logging with my iptables rules (at info and warn levels) every > single log is being output to the current console. set your debug level to 0. This can be done at boot (iirc debug=0), or alt-sysrq-0. > At no point in /etc/syslog.conf do I have any logging to /dev/console. And > attempts to log to, say, /dev/tty8 work but continue to log to the current > console. I'm not sure, but wouldn't the line about 'emerg' apply? -- John Lenton ([EMAIL PROTECTED]) -- Random fortune: O cigarro disse ao fumante: Hoje você me acende, amanhã eu te apago.
Re: iptables logging to console (all basic solutions have failed)
On Thu, Jun 14, 2001 at 07:32:46PM +1200, Adam Warner wrote: > Hi all, > > I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've > enabling logging with my iptables rules (at info and warn levels) every > single log is being output to the current console. set your debug level to 0. This can be done at boot (iirc debug=0), or alt-sysrq-0. > At no point in /etc/syslog.conf do I have any logging to /dev/console. And > attempts to log to, say, /dev/tty8 work but continue to log to the current > console. I'm not sure, but wouldn't the line about 'emerg' apply? -- John Lenton ([EMAIL PROTECTED]) -- Random fortune: O cigarro disse ao fumante: Hoje você me acende, amanhã eu te apago. pgphNfkpxrhHV.pgp Description: PGP signature
