On Wed, Nov 21, 2007 at 09:00:20AM -0800, Tom Eastep wrote:
> Andrew Suffield wrote:
> > On Wed, Nov 21, 2007 at 07:44:24AM -0800, Tom Eastep wrote:
> >> (or in that most questionable of
> >> Debian ideas, the /var/log/shorewall-init.log file).
> > 
> > What's wrong with it? It's essential to debugging a headless server
> > that won't boot cleanly.
> 
> The problem with it is that the average Debian Shorewall user has no clue
> that it exists.

On reflection, while this may not be a direct problem, there's no good
reason for the difference between the Debian and upstream versions
here. This (approximate) behaviour would be beneficial to non-Debian
users as well, and could be improved upon.

The basic objective is this: get 'shorewall start' to be completely
silent unless an error occurs (because we don't need to see all those
progress messages as part of the normal boot sequence), and
simultaneously dump the full startup chatter into a log file so that
the sysadmin can examine it later if necessary.

To accomplish this, two alterations to shorewall would be necessary:

First, a new argument that specifies an absolute verbosity level,
rather than being dependent on the contents of shorewall.conf:
'shorewall -v=-1' or something, rather than having to say 'shorewall
-qqqqq' and hoping that the config file's verbosity is set no higher
than 4.

Secondly, an optional log file defined in shorewall.conf, with its own
verbosity level. I'm thinking of something like this:

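progress_message()
{
    local timestamp=

    # Console output, gated by the console verbosity.
    if [ "$VERBOSE" -gt 1 ]; then
        [ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
        echo "${timestamp}$*"
    fi

    # Startup log, gated by its own verbosity and always timestamped.
    # Skipped when no log file is configured.
    if [ -n "$STARTUP_LOG" ] && [ "$LOG_VERBOSE" -gt 1 ]; then
        timestamp="$(date +%H:%M:%S) "
        echo "${timestamp}$*" >> "$STARTUP_LOG"
    fi
}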

and so on in the other functions. Then vendors simply ship a default
config file that names a suitable log file, and use the silent form in
the init script.

This also has the secondary benefit that all shorewall behaviour is
logged, rather than just the bits from the init script, so you can
look at the log at any time and see the most recent output. You could
even have 'shorewall dump' grab it.

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
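
The two changes proposed in the message above, sketched as an added example that is not part of the original email or of Shorewall's code. The function names, the `-v=N` parsing and the owner-only log permissions are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: function names and the -v=N syntax are hypothetical.

# resolve_verbosity CONF_LEVEL [OPTION...]
# -q/-v (repeatable, e.g. -qqq) adjust the configured level;
# -v=N replaces it with an absolute level. Prints the result.
resolve_verbosity() (
    level=$1; shift
    for opt in "$@"; do
        case $opt in
            -v=*)
                n=${opt#-v=}
                case $n in   # accept only an optionally signed integer
                    ''|-|*[!0-9-]*|?*-*) echo "bad level: $opt" >&2; exit 2 ;;
                esac
                level=$n ;;
            -q*|-v*)
                flags=${opt#-}
                while [ -n "$flags" ]; do
                    case $flags in
                        q*) level=$((level - 1)) ;;
                        v*) level=$((level + 1)) ;;
                        *)  echo "bad option: $opt" >&2; exit 2 ;;
                    esac
                    flags=${flags#?}
                done ;;
        esac
    done
    echo "$level"
)

# emit LEVEL MESSAGE...
# Console and log are gated independently, so a silent start still
# records the full chatter in STARTUP_LOG.
emit() {
    emit_level=$1; shift
    [ "${VERBOSE:-1}" -ge "$emit_level" ] && echo "$*"
    if [ -n "$STARTUP_LOG" ] && [ "${LOG_VERBOSE:-0}" -ge "$emit_level" ]; then
        # Startup output describes the rule set: create the log owner-only.
        ( umask 077; echo "$(date +%H:%M:%S) $*" >> "$STARTUP_LOG" )
    fi
    return 0
}

# Constructed case: shorewall.conf sets verbosity 6, init script wants silence.
resolve_verbosity 6 -qqqqq   # prints 1: relative flags still leave output on
resolve_verbosity 6 -v=-1    # prints -1: absolute level ignores the config
```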