From: William Hunt on 11 Apr 2010 11:37

On Sun, 11 Apr 2010, John K. Herreshoff wrote:
> William Hunt wrote:
[...]
>> Nothing shows in /var/log/syslog.
>> /etc/syslog.conf is: "*.*;mail.none; /var/log/syslog"
>> Other apps correctly write syslog, example: logger, imapd, sshd, ...
[...]
>
> Mine shows up in messages. Did you check that?
> John.

As noted IOP, I use a very simple /etc/syslog.conf. In full:
#---------------
*.*;mail.none; /var/log/syslog
mail.* /var/log/mail
#---------------
Thus, everything goes to /var/log/syslog, except facility mail.
Just to be pedantic, I also looked in /var/log/mail: not there, good.
but the messages do spill out of /proc/kmsg and /sbin/dmesg.

Any clue ?

Thanks!
--
William Hunt, Portland Oregon USA
From: Grant on 11 Apr 2010 16:25

On Sun, 11 Apr 2010 06:48:13 -0700, William Hunt <wjh(a)prv8.net> wrote:

>Hi, All:
>
>I have a slackware-12.2 VPS installed under OpenVZ (@ChainHost.com).
>
>iptables -j LOG rules load correctly.
>iptables -L shows counts correctly accumulating.
>/sbin/dmesg shows LOG messages are correctly generated.
>Nothing shows in /var/log/syslog.
>/etc/syslog.conf is: "*.*;mail.none; /var/log/syslog"
>Other apps correctly write syslog, example: logger, imapd, sshd, ...
>
>Any clues?

What log-level are you using? In my firewall.conf I have:

# firewall logging
# `````````````````
# set log_level, see 'man syslog.conf' for details
#
log_level info # -> /var/log/messages
#

In the rc.firewall script, I have:
....
# use log level from configuration file, build log target shortcut 'macro'
do_log="LOG --log-level $log_level --log-prefix "
....
iptables -A serv_inp -p tcp --dport $port \
    -j $do_log "JLE:inp:okay $name "
....

Grant.
--
http://bugs.id.au/
From: buck on 12 Apr 2010 12:59

William Hunt <wjh(a)prv8.net> wrote in news:Pine.LNX.4.64.1004110824510.9425(a)worker.prv8.net:

> *.*;mail.none; /var/log/syslog

try setting
kern.=info /var/log/iptables
and restarting syslogd just to see what happens?
--
buck
From: William Hunt on 12 Apr 2010 14:04

On Mon, 12 Apr 2010, buck wrote:
> William Hunt <wjh(a)prv8.net> wrote in
>
>> *.*;mail.none; /var/log/syslog
>
> try setting
> kern.=info /var/log/iptables
> and restarting syslogd just to see what happens?
> --
> buck

Okay, tried that now, too.
But still nothing shows in this new /var/log/iptables.

Symptoms remain unchanged, LOG messages flow out of
/proc/kmsg just fine, shown by dmesg just fine,
but nada thru syslogd, not so good.

Any clues ?

I -suspect- the key diagnostic clue given in OP is 'OpenVZ' ...
ie., kernel boogered by host provider. I found this
disturbing little factoid in /proc/version:
#------------
Linux version 2.6.18-164.2.1.el5.028stab066.10 (root(a)rhel5-64-build) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Sat Dec 12 18:52:53 MSK 2009
#------------
This does not give confidence to one raised into the Light of Slackware.
I smell kernel patch hell.
--
William Hunt, Portland Oregon USA
From: buck on 13 Apr 2010 03:01

William Hunt <wjh(a)prv8.net> wrote in news:Pine.LNX.4.64.1004121041360.19515(a)worker.prv8.net:

> On Mon, 12 Apr 2010, buck wrote:
>> William Hunt <wjh(a)prv8.net> wrote in
>>
>>> *.*;mail.none; /var/log/syslog
>>
>> try setting
>> kern.=info /var/log/iptables
>> and restarting syslogd just to see what happens?
>> --
>> buck
>
> Okay, tried that now, too.
> But still nothing shows in this new /var/log/iptables.
>
> Symptoms remain unchanged, LOG messages flow out of
> /proc/kmsg just fine, shown by dmesg just fine,
> but nada thru syslogd, not so good.

You have proven that iptables is not the culprit because the messages
appear as stated.

> Any clues ?

syslogd must also be OK because you're getting other logs.

> I -suspect- the key diagnostic clue given in OP is 'OpenVZ' ...
> ie., kernel boogered by host provider. I found this
> disturbing little factoid in /proc/version:
> #------------
> Linux version 2.6.18-164.2.1.el5.028stab066.10 (root(a)rhel5-64-build)
> (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Sat Dec 12
> 18:52:53 MSK 2009
> #------------

Although I can't imagine what could have been done to the kernel that
would specifically muck with iptables logging, you've eliminated
iptables and syslog/klog as the Bad Boy, so the problem is somewhere
else. Just _where_ else may or may not be the kernel, but I guess it is
a logical next step for troubleshooting if you're determined to get the
logging working.

I don't envy you.
--
buck
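
An added example, not code from any poster in this thread: a small Python evaluator for the syslog.conf selectors quoted above, following the selector rules documented in syslog.conf(5) for sysklogd, that reports which files a message of a given facility and priority is written to. The sample priorities, the combined three-rule config, and ignoring the stray trailing ';' are assumptions.

```python
# Added example: sysklogd-style selector evaluation for the rules quoted in this thread.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed config: the two rules from the thread plus the suggested kern.=info rule.
CONF = """\
*.*;mail.none;   /var/log/syslog
mail.*           /var/log/mail
kern.=info       /var/log/iptables
"""

def allowed_priorities(selector, facility):
    """Priorities of `facility` that `selector` sends to its action."""
    allowed = set()
    for part in selector.split(";"):
        part = part.strip()
        if not part:                      # assumption: a stray trailing ';' is ignored
            continue
        facs, _, prio = part.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue                      # this part does not mention our facility
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "none":                # 'none' cancels everything selected so far
            allowed.clear()
            continue
        if prio == "*":
            chosen = set(PRIORITIES)
        elif exact:                       # '=info' means info only
            chosen = {prio}
        else:                             # bare 'info' means info and more severe
            chosen = set(PRIORITIES[PRIORITIES.index(prio):])
        allowed = allowed - chosen if negate else allowed | chosen
    return allowed

def route(conf, facility, priority):
    """Return the log files a (facility, priority) message is written to."""
    targets = []
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) != 2 or line.lstrip().startswith("#"):
            continue
        selector, action = fields
        if priority in allowed_priorities(selector, facility):
            targets.append(action)
    return targets

if __name__ == "__main__":
    for fac, prio in [("kern", "warning"), ("kern", "info"), ("mail", "info")]:
        print(f"{fac}.{prio} ->", route(CONF, fac, prio))
```

Under these rules a kern message at any priority is selected for /var/log/syslog, while the kern.=info rule selects only messages logged at exactly info.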