* iptables logs going to all ttys
@ 2003-10-13 22:40 lucas
  0 siblings, 0 replies; 5+ messages in thread
From: lucas @ 2003-10-13 22:40 UTC (permalink / raw)
  To: iptables mailing list

Morning all,

I have the following in my firewall script, and to my knowledge this is 
meant to stop all logs from going to all ttys but this is not the case 
and it's a real pain in the ass.

$IPTABLES -N drop-and-log-it
$IPTABLES -A drop-and-log-it -j LOG --log-level info
$IPTABLES -A drop-and-log-it -j DROP

If someone could give me a hint as to what I have overlooked that would
be much appreciated, thanks

General Details:
    iptables v1.2.8
    syslogd 1.4.1
    LFS 4.1

-- 
lucas                                    $(lucas@webone.com.au)

"Experience is something you don't get until just after you need it."









* RE: iptables logs going to all ttys
@ 2003-10-14 13:28 bmcdowell
  0 siblings, 0 replies; 5+ messages in thread
From: bmcdowell @ 2003-10-14 13:28 UTC (permalink / raw)
  To: netfilter


If you're like me, and you've checked and re-checked your syslog.conf to no avail, you may want to try:

dmesg -n 1

I found that little tidbit after three or four days of googling...

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Joel Newkirk
Sent: Monday, October 13, 2003 9:34 PM
To: lucas
Cc: iptables mailing list
Subject: Re: iptables logs going to all ttys


On Mon, 2003-10-13 at 18:58, lucas wrote:
> Morning all,
> 
> I have the following in my firewall script, and to my knowledge this is 
> meant to stop all logs from going to all ttys but this is not the case 
> and it's a real *pain* in the ass.
>
> $IPTABLES -N drop-and-log-it
> $IPTABLES -A drop-and-log-it -j LOG --log-level info
> $IPTABLES -A drop-and-log-it -j DROP
> 
> If someone could give me a hint as to what I have overlooked that would
> be much appreciated, thanks

Syslog configuration is probably what you missed.  Check
/etc/syslog.conf.  Very likely you have something like:
kern.*      /dev/console
in there, which states that all kernel messages of whatever level will
be sent to /dev/console.

For myself, I disable the /dev/console setting, then add:
kern.=debug  /var/log/firewall
kern.=warning /var/log/firewalladmin

Unless you're running a custom kernel with debugging enabled, the first
channel (debug) should be almost empty of traffic, ideal for redirection
to a firewall-only log file with "--log-level debug".  Everything of
level 'info' or higher usually goes to /var/log/messages as well.

j





* Re: iptables logs going to all ttys
  2003-10-13 22:58 lucas
  2003-10-13 23:55 ` Jeffrey Laramie
@ 2003-10-14  2:34 ` Joel Newkirk
  1 sibling, 0 replies; 5+ messages in thread
From: Joel Newkirk @ 2003-10-14  2:34 UTC (permalink / raw)
  To: lucas; +Cc: iptables mailing list

On Mon, 2003-10-13 at 18:58, lucas wrote:
> Morning all,
> 
> I have the following in my firewall script, and to my knowledge this is 
> meant to stop all logs from going to all ttys but this is not the case 
> and it's a real *pain* in the ass.
>
> $IPTABLES -N drop-and-log-it
> $IPTABLES -A drop-and-log-it -j LOG --log-level info
> $IPTABLES -A drop-and-log-it -j DROP
> 
> If someone could give me a hint as to what I have overlooked that would
> be much appreciated, thanks

Syslog configuration is probably what you missed.  Check
/etc/syslog.conf.  Very likely you have something like:
kern.*      /dev/console
in there, which states that all kernel messages of whatever level will
be sent to /dev/console.

For myself, I disable the /dev/console setting, then add:
kern.=debug  /var/log/firewall
kern.=warning /var/log/firewalladmin

Unless you're running a custom kernel with debugging enabled, the first
channel (debug) should be almost empty of traffic, ideal for redirection
to a firewall-only log file with "--log-level debug".  Everything of
level 'info' or higher usually goes to /var/log/messages as well.

j




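[Added example, not part of any message in this thread.] The two replies above point at two independent paths to the console: syslogd rules such as "kern.* /dev/console", and the kernel's own console_loglevel, which "dmesg -n" sets. The sketch below evaluates both for a given --log-level; the sample syslog.conf is constructed, the function names are hypothetical, and a console_loglevel of 7 is an assumed default.

```shell
# Constructed sample in the style of the rules quoted in the thread.
sample_conf() {
cat <<'EOF'
kern.*                  /dev/console
kern.=debug             /var/log/firewall
kern.=warning           /var/log/firewalladmin
*.info;mail.none        /var/log/messages
EOF
}
LEVELS="emerg alert crit err warning notice info debug"   # priorities 0..7

# prio_num NAME: print the numeric priority of a level name.
prio_num() {
  n=0
  for l in $LEVELS; do
    [ "$l" = "$1" ] && { echo "$n"; return 0; }
    n=$((n + 1))
  done
  return 1
}

# kern_destinations LEVEL: read syslog.conf on stdin and print every action
# that receives a kern message of priority LEVEL. Handles "*", "none",
# "=level" and plain "level" (that level or more severe); "!" is not handled.
kern_destinations() {
  awk -v want="$(prio_num "$1")" -v levels="$LEVELS" '
    BEGIN { n = split(levels, p, " "); for (i = 1; i <= n; i++) num[p[i]] = i - 1 }
    /^[ \t]*(#|$)/ { next }
    { hit = 0
      m = split($1, sel, ";")
      for (i = 1; i <= m; i++) {
        split(sel[i], fp, "[.]")
        if (("," fp[1] ",") !~ /,(kern|\*),/) continue
        pri = fp[2]; exact = sub(/^=/, "", pri)
        if (pri == "none") hit = 0
        else if (pri == "*") hit = 1
        else if (!(pri in num)) continue
        else if (exact ? (want == num[pri]) : (want <= num[pri])) hit = 1
      }
      if (hit) print $2 }'
}

# console_shows LEVEL CONSOLE_LOGLEVEL: true when the kernel itself prints a
# message of priority LEVEL on the console (priority < console_loglevel).
console_shows() {
  [ "$(prio_num "$1")" -lt "$2" ]
}

sample_conf | kern_destinations info   # demo: where "--log-level info" lands
```

On a real system, feed /etc/syslog.conf to kern_destinations and take the second argument of console_shows from the first field of /proc/sys/kernel/printk.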

* Re: iptables logs going to all ttys
  2003-10-13 22:58 lucas
@ 2003-10-13 23:55 ` Jeffrey Laramie
  2003-10-14  2:34 ` Joel Newkirk
  1 sibling, 0 replies; 5+ messages in thread
From: Jeffrey Laramie @ 2003-10-13 23:55 UTC (permalink / raw)
  To: iptables mailing list

[-- Attachment #1: Type: text/html, Size: 1095 bytes --]


* iptables logs going to all ttys
@ 2003-10-13 22:58 lucas
  2003-10-13 23:55 ` Jeffrey Laramie
  2003-10-14  2:34 ` Joel Newkirk
  0 siblings, 2 replies; 5+ messages in thread
From: lucas @ 2003-10-13 22:58 UTC (permalink / raw)
  To: iptables mailing list

Morning all,

I have the following in my firewall script, and to my knowledge this is 
meant to stop all logs from going to all ttys but this is not the case 
and it's a real *pain* in the ass.

$IPTABLES -N drop-and-log-it
$IPTABLES -A drop-and-log-it -j LOG --log-level info
$IPTABLES -A drop-and-log-it -j DROP

If someone could give me a hint as to what I have overlooked that would
be much appreciated, thanks

General Details:
   iptables v1.2.8
   syslogd 1.4.1
   LFS 4.1

-- 
lucas                                    $(lucas@webone.com.au)

"Experience is something you don't get until just after you need it."






