
Re: iptables log target logs everything to tty*. Why?



On Fri, Jun 23, 2006 at 14:42:24 +1000, Cameron Hutchison wrote:
> Erik Persson wrote:
> 
> >I'm running a debian sarge as a router for a network, and I'm using 
> >iptables. I need to log certain stuff from iptables, and I thus have 
> >rules like:
> >${PROG} -A FORWARD -i eth1 -o eth0 -p tcp --dport 135 -m limit
> >  --limit 1/s -j LOG --log-prefix "Blaster portscan "
> 
> >This however has the not so desirable side effect of writing every log 
> >message from iptables to all tty:s as well as to /var/log/messages. And 
> >I can tell you it is very annoying!
> 
> There are two things to look at.
> 
> man iptables
> 
> This will show you how to set the log level of the messages logged via
> the LOG target. My man page does not say what the default is.
> 
> man klogd
> 
> This describes the "-c" argument to klogd that sets the level that
> a kernel message must be logged at to be sent to the console. The -c
> argument can be set in the /etc/init.d/klogd script that starts klogd. Be
> sure to read the part after the OPTIONS section where it describes -c
> in more detail.
> 
> You may also want to cat /proc/sys/kernel/printk to see what the current
> settings for console logging are. The first number of the four printed
> is the console log level (man proc, search for printk).

If you want to make the setting persistent across reboots you can use
/etc/sysctl.conf. At least on Etch and Sid this file already has a
commented-out line for that purpose. If you uncomment it the messages
will stop appearing on the console: 

# Uncomment the following to stop low-level messages on console
kernel/printk = 4 4 1 7

To change the setting on a running system you can do
echo "4 4 1 7" > /proc/sys/kernel/printk

Note, however, that this will suppress all low-level warning messages,
but on a user workstation that should not be too much of a problem.
There are also various packages that run daemons to monitor critical
things (hard disk errors, CPU temperature etc.) which will send you an
email if trouble is brewing.

-- 
Regards,
          Florian
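
Added example, not part of the original message: a small shell check of the rule discussed in this thread, that a kernel message reaches the console only when its priority number is lower than the first field of /proc/sys/kernel/printk. The function names are hypothetical, and the "7 4 1 7" setting is a constructed sample for comparison.

```shell
#!/bin/sh
# Added example: will a kernel message of a given priority (such as one
# from an iptables LOG rule) be copied to the console?

# Map a syslog priority name or number to its numeric value (0-7).
level_to_num() {
    case "$1" in
        0|emerg|panic)  echo 0 ;;
        1|alert)        echo 1 ;;
        2|crit)         echo 2 ;;
        3|err|error)    echo 3 ;;
        4|warning|warn) echo 4 ;;
        5|notice)       echo 5 ;;
        6|info)         echo 6 ;;
        7|debug)        echo 7 ;;
        *)              return 1 ;;
    esac
}

# reaches_console "<contents of /proc/sys/kernel/printk>" <priority>
# Returns 0 if the message is shown on the console, 1 if not, 2 on bad input.
# The first printk field is the console log level; only messages whose
# priority number is strictly lower than it are printed on the console.
reaches_console() {
    console_level=${1%%[!0-9]*}          # first field of the printk line
    [ -n "$console_level" ] || return 2
    msg_level=$(level_to_num "$2") || return 2
    [ "$msg_level" -lt "$console_level" ]
}

# "4 4 1 7" is the value from the message above; "7 4 1 7" is a constructed
# sample of a more verbose setting. LOG rules without --log-level use warning.
for setting in "7 4 1 7" "4 4 1 7"; do
    for prio in warning err; do
        if reaches_console "$setting" "$prio"; then
            verdict="shown on console"
        else
            verdict="not shown on console"
        fi
        printf 'printk="%s" priority=%s: %s\n' "$setting" "$prio" "$verdict"
    done
done
```

On a live system, pass "$(cat /proc/sys/kernel/printk)" as the first argument and the --log-level of the rule in question as the second.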


