Re: [SLUG] iptables chatter

From: Paul M Foster (paulf@quillandmouse.com)
Date: Tue Sep 09 2003 - 23:51:41 EDT


On Tue, Sep 09, 2003 at 08:56:07PM -0400, Andrew M Hoerter wrote:

>
> On Tue, 9 Sep 2003, Paul M Foster wrote:
>
> > The logged rejected packets are showing up on the open console, making
> > it impossible to do anything on that machine while it's going on. I
> > don't know why it's doing this. I've given iptables the "--log-level
> > info" parameter. I assume the location to which this stuff is logged is
> > governed by syslog.conf. But the section in the syslog.conf file that
> > talks about info logging says it should be going to /var/log/messages.
>
> What facility is iptables using when logging information? The effects of
> syslog.conf can sometimes be subtle. I would look for "/dev/console" or
> equivalent in syslog.conf and work back from there to see where the
> messages are coming from. Syslog messages can also be sent to particular
> users, so if it only happens when you're root, that's another clue as to
> what syslog.conf lines are relevant.

Interesting point. According to the man page for iptables, the LOG
target "Turn[s] on kernel logging of matching packets." But under that
log-level parameter, it says, "Level of logging (numeric or see
syslog.conf(5))." Researching further, the "numeric" mentioned above is
detailed in kernel.h and briefly mentioned in man klogd(8). But there
doesn't appear to be a klogd.conf file. Instead, it looks like kernel
logging is configured in the syslog.conf file. Is that right?

There is no /dev/console in the syslog.conf file. However, there is
this:

daemon.*;mail.*;\
        news.crit;news.err;news.notice;\
        *.=debug;*.=info;\
        *.=notice;*.=warn |/dev/xconsole

This would appear to say that anything at "info" level (I'm using
"--log-level info" with iptables) would go to /dev/xconsole. According
to the man page for xconsole, this is supposed to display messages that
would normally go to /dev/console. But on this particular machine, X is
not even installed. So I wonder if it reverts to /dev/console if no
/dev/xconsole exists? Otherwise, there is no other mention of the word
"console" in the syslog.conf file.

This machine is at work, so I may tweak the syslog.conf file in this
area and see if it makes a difference. If anyone knows any more about
this, sing out.

Paul
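
The message above asks which syslog.conf rules an "info"-level iptables LOG message would hit. As an added illustration (not part of the original post and not sysklogd's own code), this Python sketch models the selector syntax documented in syslog.conf(5) and evaluates it for kern.info, since LOG output is a kernel message. The function names are hypothetical, and the first two sample rules are constructed; only the third is the rule quoted in the message.

```python
import re

# Priority names from syslog.conf(5); a lower number is more severe.
PRI = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
       "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed sample: rules 1-2 are illustrative, rule 3 is quoted from the message.
SAMPLE = r"""
kern.*                          -/var/log/kern.log
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;cron,daemon.none     -/var/log/messages
daemon.*;mail.*;\
        news.crit;news.err;news.notice;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole
"""

def parse_rules(text):
    """Join backslash-continued lines and return (selector_field, action) pairs."""
    joined = re.sub(r"\\\n\s*", "", text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            rules.append((selector, action.strip()))
    return rules

def matches(selector_field, facility, priority):
    """Apply each ';'-separated selector, left to right, to a set of priorities."""
    accepted = set()
    for sel in filter(None, selector_field.split(";")):
        facs, pri = sel.rsplit(".", 1)
        if not {"*", facility} & set(facs.split(",")):
            continue                          # selector names other facilities
        negate, pri = pri.startswith("!"), pri.lstrip("!")
        exact, pri = pri.startswith("="), pri.lstrip("=")
        if pri == "none":                     # "none" behaves like "!*"
            pri, negate = "*", not negate
        chosen = (set(range(8)) if pri == "*" else
                  {PRI[pri]} if exact else set(range(PRI[pri] + 1)))
        accepted = accepted - chosen if negate else accepted | chosen
    return PRI[priority] in accepted

def destinations(text, facility, priority):
    """Actions of every rule that would receive a facility.priority message."""
    return [a for s, a in parse_rules(text) if matches(s, facility, priority)]

print(destinations(SAMPLE, "kern", "info"))
```

A message is delivered to every rule whose selector field matches, so in this sample kern.info reaches all three actions, including the `|/dev/xconsole` pipe through `*.=info`.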
