iptables: Logging to e.g. /dev/tty4

2004-03-22 Thread Thilo Engelbracht
Hello list!

The last lines of my firewall script look like this:


[ ... ]

# Packets that have made it this far
# are logged

iptables -A OUTPUT -j LOG --log-prefix "Nicht raus: "
iptables -A INPUT -j LOG --log-prefix "Nicht rein: "
iptables -A FORWARD -j LOG --log-prefix "Nicht weitergeleitet: "

[ ... ]


However, this causes all packets to be printed on the current console.
When I switch to another console, the log information is displayed
there.
In my opinion, it is not possible to work sensibly like that.

Is it possible to send the log lines to e.g. /dev/tty4? I have already
tried that by modifying my firewall script like this:

iptables -A OUTPUT \
-j LOG --log-prefix "Nicht raus: " 1> /dev/tty4 2>&1
iptables -A INPUT \
-j LOG --log-prefix "Nicht rein: " 1> /dev/tty4 2>&1
iptables -A FORWARD \
-j LOG --log-prefix "Nicht weitergeleitet: " 1> /dev/tty4 2>&1


Unfortunately that achieves nothing; the output is not redirected to a
specific console...

Can anyone point me to a solution?

Many thanks for your effort!

Kind regards,

Thilo

--
Registered Linux user #348074 with the Linux counter
http://counter.li.org


-- 
Frequently asked questions and answers (FAQ):
http://www.de.debian.org/debian-user-german-FAQ/

To UNSUBSCRIBE, send a mail to [EMAIL PROTECTED]
with the subject unsubscribe. Problems? Mail to [EMAIL PROTECTED] (engl)



Re: iptables: Logging to e.g. /dev/tty4

2004-03-22 Thread Uwe Kerstan
* Thilo Engelbracht [EMAIL PROTECTED] [22-03-2004 15:25]:

> However, this causes all packets to be printed on the current console.
> When I switch to another console, the log information is displayed
> there.

That is a FAQ on this list.

> Is it possible to send the log lines to e.g. /dev/tty4?

I push the logs into a log file via syslog-ng.
After that, display them e.g. with tail on /dev/ttyX

Regards, Uwe




Re: iptables + logging

2003-12-04 Thread Frank Tammer
On Thu, 04.12.2003 at 14:20, Bernhard Gerg wrote:
> Hello everyone,
> I am using woody, and as soon as I start my firewall script I get
> all log messages written to syslog (which makes sense),
> but I also get every log message on the active console. How can
> I turn that off? I have not changed anything in the standard syslog.conf yet

In /etc/init.d/klogd, replace
#  Use KLOGD="-k /boot/System.map-$(uname -r)" to specify System.map
#
KLOGD=""

with

#  Use KLOGD="-k /boot/System.map-$(uname -r)" to specify System.map
#
KLOGD="-c 1"

Of course, restart /etc/init.d/klogd,
possibly /etc/init.d/sysklogd as well

Regards
Frank




iptables + logging

2003-12-04 Thread Bernhard Gerg
Hello everyone,
I am using woody, and as soon as I start my firewall script I get
all log messages written to syslog (which makes sense),
but I also get every log message on the active console. How can
I turn that off? I have not changed anything in the standard syslog.conf yet

Kind regards
Bernhard





Re: iptables + logging

2003-12-04 Thread Bernhard Gerg
Thanks for the quick help

Bernhard

On Thu, 04.12.2003 at 14:20, Bernhard Gerg wrote:
> Hello everyone,
> I am using woody, and as soon as I start my firewall script I get
> all log messages written to syslog (which makes sense),
> but I also get every log message on the active console. How can
> I turn that off? I have not changed anything in the standard syslog.conf yet

In /etc/init.d/klogd, replace
#  Use KLOGD="-k /boot/System.map-$(uname -r)" to specify System.map
#
KLOGD=""

with

#  Use KLOGD="-k /boot/System.map-$(uname -r)" to specify System.map
#
KLOGD="-c 1"

Of course, restart /etc/init.d/klogd,
possibly /etc/init.d/sysklogd as well

Regards
Frank





Re: iptables + logging

2003-12-04 Thread Heiko Schlittermann
On Thu, Dec 04, 2003 at 03:13:42PM +0100, Peter Blancke wrote:
> many more log messages on the console that you also do not
> want to have.
...
> If this line is to survive a reboot, I recommend
>
> ,---[ /etc/init.d/localconfig ]
> | #!/bin/bash
> | echo 2 4 1 7 > /proc/sys/kernel/printk
> `---
>
> together with a suitable symlink, preferably in /etc/rcS.d/,
> for example as S99localconfig.

Or an entry in /etc/sysctl.conf

Best regards from Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de -- internet  unix support -
 Debian GNU/Linux Woody + KDE 3.1 + Bunk -- DVD / CD -
 Heiko Schlittermann HS12-RIPE ---
 pgp: A1 7D F6 7B 69 73 48 35  E1 DE 21 A7 A8 9A 77 92 ---
 gpg: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -




Re: iptables + logging

2003-12-04 Thread Thomas Braun
On Thursday, 4 December 2003 15:13, Peter Blancke wrote:
> With
>
>   echo 2 4 1 7 > /proc/sys/kernel/printk
>
> you can reduce the console's chattiness to a bearable level.

Morning,

I put the following into /etc/sysctl.conf:

kernel.printk = 2 4 1 7

That should have the same effect.

Regards
Thomas Braun

PS: Sorry for the PM





Re: iptables + logging

2003-12-04 Thread Peter Blancke
Thomas Braun [EMAIL PROTECTED] dixit:

> I put the following into /etc/sysctl.conf:
>
> kernel.printk = 2 4 1 7

That was new to me. Thanks for the tip.

For me there is another consideration behind it: the approach I
described takes care of a few other things as well; I see, for
example, that hdparm is also called there.

Regards

Peter Blancke

-- 
Hoc est enim verbum meum!





Re: iptables + logging

2003-12-04 Thread Peter Blancke
Bernhard Gerg [EMAIL PROTECTED] dixit:

> I am using woody, and as soon as I start my firewall script
> I get all log messages written to syslog (which
> makes sense), but I also get every log message on the
> active console. How can I turn that off? I have not changed
> anything in the standard syslog.conf yet

You will probably also report here quite soon that you get
many more log messages on the console that you also do not
want to have.

With

  echo 2 4 1 7 > /proc/sys/kernel/printk

you can reduce the console's chattiness to a bearable level.

If this line is to survive a reboot, I recommend

,---[ /etc/init.d/localconfig ]
| #!/bin/bash
| echo 2 4 1 7 > /proc/sys/kernel/printk
`---

together with a suitable symlink, preferably in /etc/rcS.d/,
for example as S99localconfig.

Regards

Peter Blancke

-- 
Hoc est enim verbum meum!
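
The console threshold discussed in this thread, as an added example that is not part of any poster's message: the kernel prints a message on the console only when its priority number is lower than the first field of kernel.printk (console_loglevel), and the iptables LOG target defaults to priority warning (4). The function names are illustrative and the two settings in the loop are constructed sample values.

```shell
#!/bin/sh
# Added example: which kernel log priorities reach the console
# for a given kernel.printk setting.

# Map a syslog priority name or digit to its number.
level_to_num() {
    case "$1" in
        emerg|panic)   echo 0 ;;
        alert)         echo 1 ;;
        crit)          echo 2 ;;
        err|error)     echo 3 ;;
        warning|warn)  echo 4 ;;
        notice)        echo 5 ;;
        info)          echo 6 ;;
        debug)         echo 7 ;;
        [0-7])         echo "$1" ;;
        *)             return 1 ;;
    esac
}

# The first field of kernel.printk is console_loglevel.
console_loglevel() {
    set -- $1          # split on blanks or tabs
    echo "$1"
}

# reaches_console LEVEL "PRINTK": exit 0 if a kernel message at LEVEL is
# printed on the console, 1 if it is suppressed, 2 for an unknown level.
reaches_console() {
    lvl=$(level_to_num "$1") || return 2
    [ "$lvl" -lt "$(console_loglevel "$2")" ]
}

# List the priority names that still reach the console.
visible_levels() {
    out=""
    for name in emerg alert crit err warning notice info debug; do
        if reaches_console "$name" "$1"; then out="$out $name"; fi
    done
    echo "${out# }"
}

# Constructed sample values: a permissive setting and the one from the thread.
for setting in "7 4 1 7" "2 4 1 7"; do
    echo "kernel.printk = $setting -> console shows: $(visible_levels "$setting")"
done
```

To check a live system, pass the current value: `visible_levels "$(cat /proc/sys/kernel/printk)"`.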





Re: iptables logging to console (all basic solutions have failed)

2001-06-18 Thread Miquel Martín López
Hey Adam!
I was right about to reply to that message, but you were faster at reposting
my old reply to it! LOL it's great fun seeing your messages recycled :)
Hope it helped (again) :)
Miquel

On Thu, Jun 14, 2001 at 09:55:28PM +1200, Adam Warner wrote:
> This looks extremely fruitful. If it DOESN'T work I'll let the list know:
> http://lists.debian.org/debian-user-0105/msg00052.html
>
> ---Begin Quote---
>
> Hi there!
> Sorry to bring up such an old thread, but I didn't see any solutions posted,
> and I just found the cause.
>
> The problem was ipchains (or iptables) printing messages on the console no
> matter how much you tried to make it shut up :) Well, I had the problem also
> with smbmount.
>
> Anyway, the problem was that klogd is displaying on the console all the
> messages with any priority greater than debug (7) (see man klogd). To keep
> it from doing that, load it with klogd -c 5 for example. That will log
> only errors or higher priorities and will prevent the flooding!
>
> If you use debian, edit /etc/init.d/klogd and edit the line where it says:
> KLOGD=""
> to be
> KLOGD="-c 4"
>
> Have fun!
> Miquel
>
> ---End Quote---
>
> And the follow up post was:
>
> ---Begin Quote---
> Thank you, thank you.
>
> I just checked to see if you had filed a bug report and found that the bug
> (and the fix) had been filed 11 days ago.
>
> One good thing about this bug is that all those console messages about my
> ipchains REJECTs and DENYs resulted in a better firewall.
>
> But why did it affect (apparently) only a handful of people?
>
> Lindsay
>
> ---End Quote---
>
>
> -Original Message-
> From: Adam Warner [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 14 June 2001 7:33 p.m.
> To: debian-user@lists.debian.org
> Subject: iptables logging to console (all basic solutions have failed)
>
> Hi all,
>
> I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've
> enabled logging with my iptables rules (at info and warn levels) every
> single log is being output to the current console.
>
> At no point in /etc/syslog.conf do I have any logging to /dev/console. And
> attempts to log to, say, /dev/tty8 work but continue to log to the current
> console.
>
> Yes, I used apt-get install klogd after searching archives and finding that
> this should be installed (I initially started a while ago with a floppy
> install of 2.2r3).
>
> I've tried rebooting, restarting sysklogd and klogd and finding messages in
> the archives that go along the line of "yeah, this appears to be happening
> to some people."
>
> As you can imagine, it's very easy for iptables logs to flood the console in
> a second.
>
> Thanks,
> Adam
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of unsubscribe. Trouble? Contact
> [EMAIL PROTECTED]
 
 
 



iptables logging to console (all basic solutions have failed)

2001-06-14 Thread Adam Warner
Hi all,

I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've
enabled logging with my iptables rules (at info and warn levels) every
single log is being output to the current console.

At no point in /etc/syslog.conf do I have any logging to /dev/console. And
attempts to log to, say, /dev/tty8 work but continue to log to the current
console.

Yes, I used apt-get install klogd after searching archives and finding that
this should be installed (I initially started a while ago with a floppy
install of 2.2r3).

I've tried rebooting, restarting sysklogd and klogd and finding messages in
the archives that go along the line of "yeah, this appears to be happening
to some people."

As you can imagine, it's very easy for iptables logs to flood the console in
a second.

Thanks,
Adam






Re: iptables logging to console (all basic solutions have failed)

2001-06-14 Thread John R Lenton
On Thu, Jun 14, 2001 at 07:32:46PM +1200, Adam Warner wrote:
> Hi all,
>
> I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've
> enabled logging with my iptables rules (at info and warn levels) every
> single log is being output to the current console.

set your debug level to 0. This can be done at boot (iirc
debug=0), or alt-sysrq-0.

> At no point in /etc/syslog.conf do I have any logging to /dev/console. And
> attempts to log to, say, /dev/tty8 work but continue to log to the current
> console.

I'm not sure, but wouldn't the line about 'emerg' apply?

-- 
John Lenton ([EMAIL PROTECTED]) -- Random fortune:
O cigarro disse ao fumante: Hoje você me acende, amanhã eu te apago.




RE: iptables logging to console (all basic solutions have failed)

2001-06-14 Thread Adam Warner
Thanks John,

OK I appended debug=0 to /etc/lilo.conf (append="debug=0"), re-ran lilo and
rebooted.

And the outcome was not good. No services run.

All I get is lots of errors:
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
/etc/init.d/rc: 0: command not found
etc.

Anyway, why would setting the level of debugging (which certainly didn't
work here) have anything to do with whether messages go to the console or
not?

Thanks for trying.

Regards,
Adam

-Original Message-
From: John R Lenton [mailto:[EMAIL PROTECTED] Behalf Of John R Lenton
Sent: Thursday, 14 June 2001 8:08 p.m.
To: Adam Warner
Cc: Debian User Mailing List
Subject: Re: iptables logging to console (all basic solutions have failed)

On Thu, Jun 14, 2001 at 07:32:46PM +1200, Adam Warner wrote:
> Hi all,
>
> I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've
> enabled logging with my iptables rules (at info and warn levels) every
> single log is being output to the current console.

set your debug level to 0. This can be done at boot (iirc
debug=0), or alt-sysrq-0.

> At no point in /etc/syslog.conf do I have any logging to /dev/console. And
> attempts to log to, say, /dev/tty8 work but continue to log to the current
> console.

I'm not sure, but wouldn't the line about 'emerg' apply?

--
John Lenton ([EMAIL PROTECTED]) -- Random fortune:
O cigarro disse ao fumante: Hoje você me acende, amanhã eu te apago.



RE: iptables logging to console (all basic solutions have failed)

2001-06-14 Thread Adam Warner
This looks extremely fruitful. If it DOESN'T work I'll let the list know:
http://lists.debian.org/debian-user-0105/msg00052.html

---Begin Quote---

Hi there!
Sorry to bring up such an old thread, but I didn't see any solutions posted,
and I just found the cause.

The problem was ipchains (or iptables) printing messages on the console no
matter how much you tried to make it shut up :) Well, I had the problem also
with smbmount.

Anyway, the problem was that klogd is displaying on the console all the
messages with any priority greater than debug (7) (see man klogd). To keep
it from doing that, load it with klogd -c 5 for example. That will log
only errors or higher priorities and will prevent the flooding!

If you use debian, edit /etc/init.d/klogd and edit the line where it says:
KLOGD=""
to be
KLOGD="-c 4"

Have fun!
Miquel

---End Quote---

And the follow up post was:

---Begin Quote---
Thank you, thank you.

I just checked to see if you had filed a bug report and found that the bug
(and the fix) had been filed 11 days ago.

One good thing about this bug is that all those console messages about my
ipchains REJECTs and DENYs resulted in a better firewall.

But why did it affect (apparently) only a handful of people?

Lindsay

---End Quote---


-Original Message-
From: Adam Warner [mailto:[EMAIL PROTECTED]
Sent: Thursday, 14 June 2001 7:33 p.m.
To: debian-user@lists.debian.org
Subject: iptables logging to console (all basic solutions have failed)

Hi all,

I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've
enabled logging with my iptables rules (at info and warn levels) every
single log is being output to the current console.

At no point in /etc/syslog.conf do I have any logging to /dev/console. And
attempts to log to, say, /dev/tty8 work but continue to log to the current
console.

Yes, I used apt-get install klogd after searching archives and finding that
this should be installed (I initially started a while ago with a floppy
install of 2.2r3).

I've tried rebooting, restarting sysklogd and klogd and finding messages in
the archives that go along the line of "yeah, this appears to be happening
to some people."

As you can imagine, it's very easy for iptables logs to flood the console in
a second.

Thanks,
Adam








iptables logging?

2001-04-11 Thread Adam James
Hi all,

This is just something that's getting slightly annoying - iptables is refusing
to log to /var/log/*. Running dmesg I can see all the iptables reports, so it's
logging to the kernel, just syslog is ignoring it (?).

My /var/log/messages entry in /etc/syslog.conf is as follows:

*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none  -/var/log/messages

What do I need to add so syslog passes the iptables messages into the log?

Many thanks for any help,

Adam James

-- 
The true Southern watermelon is a boon apart, and not to be mentioned with
commoner things.  It is chief of the world's luxuries, king by the grace of God
over all the fruits of the earth.  When one has tasted it, he knows what the
angels eat.  It was not a Southern watermelon that Eve took; we know it because
she repented.
-- Mark Twain, Pudd'nhead Wilson's Calendar




Re: iptables logging?

2001-04-11 Thread Gregory T. Norris
If you're tracking unstable, make sure you have the klogd package
installed. It was recently split out from sysklogd, and since apt-get
doesn't handle Recommends...

On Thu, Apr 12, 2001 at 12:22:57AM +0100, Adam James wrote:
> Hi all,
>
> This is just something that's getting slightly annoying - iptables is refusing
> to log to /var/log/*. Running dmesg I can see all the iptables reports, so
> it's logging to the kernel, just syslog is ignoring it (?).
>
> My /var/log/messages entry in /etc/syslog.conf is as follows:
>
> *.=info;*.=notice;*.=warn;\
>   auth,authpriv.none;\
>   cron,daemon.none;\
>   mail,news.none  -/var/log/messages
>
> What do I need to add so syslog passes the iptables messages into the log?
>
> Many thanks for any help,
>
> Adam James

