Re: iptables log target logs everything to tty*. Why?

To: Cameron Hutchison <lists@xdna.net>
Cc: debian-user@lists.debian.org
Subject: Re: iptables log target logs everything to tty*. Why?
From: Erik Persson <erik-maillist@djingis.se>
Date: Fri, 23 Jun 2006 15:36:21 +0200
Message-id: <[🔎] 449BEE55.1010103@djingis.se>
In-reply-to: <[🔎] 1151037744.0@imladris>
References: <[🔎] 449B1731.4090503@djingis.se> <[🔎] 1151037744.0@imladris>

Cameron Hutchison wrote:

Erik Persson wrote:
I'm running a debian sarge as a router for a network, and I'm usingiptables. I need to log certain stuff from iptables, and I thus haverules like:
${PROG} -A FORWARD -i eth1 -o eth0 -p tcp --dport 135 -m limit
 --limit 1/s -j LOG --log-prefix "Blaster portscan "
This however has the not so desirable side effect of writing every logmessage from iptables to all tty:s as well as to /var/log/messages. AndI can tell you it is very annoying!
There are two things to look at.

man iptables

This will show you how to set the log level of the messages logged via
the LOG target. My man page does not say what the default is.

Yes. I already looked into this, and it's certainly an alternative asthe standard iptables log level is warning and klogd as standard logseverything except debug to ttys.

man klogd

This describes the "-c" argument to klogd that sets the level that
a kernel message must be logged at to be sent to the console. The -c
argument can be set in the /etc/init.d/klogd script that starts klogd. Be
sure to read the part after the OPTIONS section where it describes -c
in more detail.


Yes, I've read this.

The interesting part is that even when killing klogd the messages kepton coming. I guess it is the kernel it self that is responisble forprinting the messages to the ttys? This view seems to be supported bythe klogd man page.


It it, however, interesting that klogd -c 0 didn't remove the messages!
I guess 'man proc' however gives the explanation to this behavior, se below.


You may also want to cat /proc/sys/kernel/printk to see what the current
settings for console logging is. The first number of the four printed
is the console log level (man proc, search for printk).


The explanation seems to be found here.
From man proc:
/proc/sys/kernel/printk
              The  four values in this file are console_loglevel,
              default_message_loglevel, minimum_console_level and
              default_console_loglevel.  These values influence printk()
              behavior when printing or logging error mes-
              sages.  See  syslog(2)  for more info on the different
              loglevels.  Messages with a higher priority than
              console_loglevel will be printed to the console.  Messages
              without an explicit priority will be printed
              with  priority default_message_level.
              minimum_console_loglevel is the minimum (highest) value to
              which console_loglevel can be set.
              default_console_loglevel is the default value for
              console_loglevel.


Thus the reason to the behavior seems to be:
1. the kernel is responsible for printing the messages, not klogd

2. klogd -c 0 is unable to set the log level to 0, sinceminimal_console_level is set to 4 on the router.



Thanks for the info!

/ep

Reply to:

Follow-Ups:
- Re: iptables log target logs everything to tty*. Why?
  - From: "Henrique G. Abreu" <hgabreu@gmail.com>

References:
- iptables log target logs everything to tty*. Why?
  - From: Erik Persson <erik-maillist@djingis.se>
- Re: iptables log target logs everything to tty*. Why?
  - From: Cameron Hutchison <lists@xdna.net>

Prev by Date: Re: mounting USB mass storage devices
Next by Date: Re: mounting USB mass storage devices
Previous by thread: Re: iptables log target logs everything to tty*. Why?
Next by thread: Re: iptables log target logs everything to tty*. Why?
Index(es):
- Date
- Thread