1. Forum
  2. FidoNet
  3. ALT.OS.LINUX.MAGEIA

  • shorewall dumping everything into dmesg

    From William Unruh@2:250/0 to All on Thu Feb 8 02:55:35 2024
    Shore wall is dumping its messages into dmesg, rather than say /var/log/shorewall (which is empty) That rather fills dmesg with DROP
    messages
    [8024391.572953] Shorewall:sshd-fw:DROP:IN=eno1 OUT= MAC=4c:ed:fb:c2:2a:f3:a0:ab:1b:88:6e:58:08:00 SRC=185.196.8.151 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0xA0 TTL=250 ID=54321 PROTO=TCP SPT=40237 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0

    What might I have misconfigured?
    /etc/shorewall/shorewall.conf has

    ############################################################################### # L O G G I N G ###############################################################################

    BLACKLIST_LOG_LEVEL=info

    INVALID_LOG_LEVEL=info

    LOG_MARTIANS=Yes

    LOG_VERBOSITY=2

    #LOGALLNEW=yes

    LOGFILE=/var/log/shorewall

    LOGFORMAT="Shorewall:%s:%s:"

    LOGTAGONLY=No

    LOGLIMIT=

    MACLIST_LOG_LEVEL=info

    RELATED_LOG_LEVEL=

    RPFILTER_LOG_LEVEL=info

    SFILTER_LOG_LEVEL=info

    SMURF_LOG_LEVEL=info

    STARTUP_LOG=/var/log/shorewall-init.log

    TCP_FLAGS_LOG_LEVEL=info

    UNTRACKED_LOG_LEVEL=


    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/0@fidonet)
  • From David W. Hodgins@2:250/0 to All on Thu Feb 8 03:27:38 2024
    On Wed, 07 Feb 2024 21:55:35 -0500, William Unruh <unruh@invalid.ca> wrote:
    Shore wall is dumping its messages into dmesg, rather than say /var/log/shorewall (which is empty) That rather fills dmesg with DROP messages
    [8024391.572953] Shorewall:sshd-fw:DROP:IN=eno1 OUT= MAC=4c:ed:fb:c2:2a:f3:a0:ab:1b:88:6e:58:08:00 SRC=185.196.8.151 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0xA0 TTL=250 ID=54321 PROTO=TCP SPT=40237 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0

    IIRC that's fixed by creating a file with one line such as /etc/sysctl.d/kernel.msg.conf
    kernel.printk=3 4 1 3

    Then run as root "sysctl --system".

    See https://linuxconfig.org/introduction-to-the-linux-kernel-log-levels
    for details.

    Regards, Dave Hodgins

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/0@fidonet)
  • From William Unruh@2:250/1 to All on Tue Feb 20 23:38:40 2024
    On 2024-02-08, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Wed, 07 Feb 2024 21:55:35 -0500, William Unruh <unruh@invalid.ca> wrote:
    Shore wall is dumping its messages into dmesg, rather than say
    /var/log/shorewall (which is empty) That rather fills dmesg with DROP
    messages
    [8024391.572953] Shorewall:sshd-fw:DROP:IN=eno1 OUT= MAC=4c:ed:fb:c2:2a:f3:a0:ab:1b:88:6e:58:08:00 SRC=185.196.8.151 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0xA0 TTL=250 ID=54321 PROTO=TCP SPT=40237 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0

    IIRC that's fixed by creating a file with one line such as /etc/sysctl.d/kernel.msg.conf
    kernel.printk=3 4 1 3

    Then run as root "sysctl --system".

    That did not work.
    The "explanation" in the article below is rather confusing

    "starting from level 0 and decreasing in severity ’till level 7: the
    lowest log level identifier, the most critical context." I have no idea
    what that means. It seems to be saying that level 7 is the most
    critical context. Is that right (Ie, this the opposite to the rsyslog
    levels which have lower numbers more critical than high numbers).
    "log level lower than it, (therefore messages with an higher severity)"
    Whereas this sentence seems to say the opposite.
    Or did the first quote mean to say "have lower numbers, the more
    critical context.

    But then I do not understand the log level of shorewall. Where are thos
    DROP messages being sent to?

    "The third value in the output reports the minimum_console_loglevel
    status. It indicates the minimum loglevel which can be used for
    console_loglevel. The level here used it’s 1, the highest."

    7 is higher than 0. But that does not seem to be what they mean by
    higher.

    But my problem is with dmesg, not with the console. It is dmesg whic
    his filling up with shorewall DROP messages, not the consooe. (Mind you
    I told the sytem to stop drumping log stuff into the cosold anywahy
    sicen it is really really really annoying to mafe the console filling
    with garbage while one is deperately trying to fix so crucial error.

    Ie, I have the printk file listing 3 4 1 3 as you suggested and dmesg is
    still being innundated by DROP messages.


    See https://linuxconfig.org/introduction-to-the-linux-kernel-log-levels
    for details.

    Regards, Dave Hodgins

    --- MBSE BBS v1.0.8.5 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From David W. Hodgins@2:250/1 to All on Wed Feb 21 01:43:22 2024
    On Tue, 20 Feb 2024 18:38:40 -0500, William Unruh <unruh@invalid.ca> wrote:
    Ie, I have the printk file listing 3 4 1 3 as you suggested and dmesg is still being innundated by DROP messages.

    Sorry, I thought your were referring to the messages showing up on a terminal, such as when using alt+ctrl+f3, and then logging in in text mode.

    The drop messages are generated by netfilter (part of the kernel), which uses rules set by a firewall such as shorewall.

    "man shorewall.conf" has some info on the log options, but I've never looked into it in detail.

    We used to have mandriva-save-dmesg.service saving a copy of the dmesg output to /var/log/dmesg, but it seems it's been dropped.

    Regards, Dave Hodgins

    --- MBSE BBS v1.0.8.5 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)