Hi All,
A few years ago I was asked if I could redirect console messages from Iptables to a different virtual console, on RedHat 7.3 . I managed to do it, but can't remember how I did it, now that the same question has arisen ona Centos 3.4 box.
I edited /etc/syslog.conf and redirected kern.* to /dev/tty2 for example & this didn't work I edited /etc/sysconfig/syslog and modified klogd options with -f /dev/tty2 & this didn't work either
So I stopped syslogd and klogd altogether and iptables still logs to the current console (which ever one you're on).
So my question is, how do I get iptables to redirect its output to another console?
P.
______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
Peter
This isn't exactly what you want but for one I can never understand sending things to the console where they just scroll off the top. In the days of computer rooms, slow teletype messages and loads of operators it may have made sense but these days things happen so quickly that you sometimes need to go back and analyse it.
So it is better IMHO to log to a file and tail -f in a shell if you really need the info all the time. For this, try syslog-ng - you can filter the stuff you want right from the socket. So you can make an iptables log file for example and anything else which can be stored of rotated as you wish. It works on my server nicely.
Best wishes
John
John Logsdon "Try to make things as simple Quantex Research Ltd, Manchester UK as possible but not simpler" j.logsdon@quantex-research.com a.einstein@relativity.org +44(0)161 445 4951/G:+44(0)7717758675 www.quantex-research.com
On Wed, 25 May 2005, Peter Farrow wrote:
Hi All,
A few years ago I was asked if I could redirect console messages from Iptables to a different virtual console, on RedHat 7.3 . I managed to do it, but can't remember how I did it, now that the same question has arisen ona Centos 3.4 box.
I edited /etc/syslog.conf and redirected kern.* to /dev/tty2 for example & this didn't work I edited /etc/sysconfig/syslog and modified klogd options with -f /dev/tty2 & this didn't work either
So I stopped syslogd and klogd altogether and iptables still logs to the current console (which ever one you're on).
So my question is, how do I get iptables to redirect its output to another console?
P.
This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi john,
I want to stop it logging to *all* the consoles, and limit it to just one of the virtual consoles if poss, it does log to var/log/messages as well where I run a perl script to check for "naughtiness" so I am covered in that respect, its just a pain with it logging to the console when you want to use the console....
I actually found iptables still logs to the console whatever settings you have in syslogd.conf and /etc/sysconfig/syslog.
I also found iptables still logs to the console even if you kill klogd and syslogd altogether (how bizarre)...
So in the end I modified /etc/sysctl.conf and added this line:
kernel.printk = 3 4 1 7
then did a sysctl -p
and that seems to have done it.... while still logging fully to /var/log/messages
P.
John Logsdon wrote:
Peter
This isn't exactly what you want but for one I can never understand sending things to the console where they just scroll off the top. In the days of computer rooms, slow teletype messages and loads of operators it may have made sense but these days things happen so quickly that you sometimes need to go back and analyse it.
So it is better IMHO to log to a file and tail -f in a shell if you really need the info all the time. For this, try syslog-ng - you can filter the stuff you want right from the socket. So you can make an iptables log file for example and anything else which can be stored of rotated as you wish. It works on my server nicely.
Best wishes
John
John Logsdon "Try to make things as simple Quantex Research Ltd, Manchester UK as possible but not simpler" j.logsdon@quantex-research.com a.einstein@relativity.org +44(0)161 445 4951/G:+44(0)7717758675 www.quantex-research.com
On Wed, 25 May 2005, Peter Farrow wrote:
Hi All,
A few years ago I was asked if I could redirect console messages from Iptables to a different virtual console, on RedHat 7.3 . I managed to do it, but can't remember how I did it, now that the same question has arisen ona Centos 3.4 box.
I edited /etc/syslog.conf and redirected kern.* to /dev/tty2 for example & this didn't work I edited /etc/sysconfig/syslog and modified klogd options with -f /dev/tty2 & this didn't work either
So I stopped syslogd and klogd altogether and iptables still logs to the current console (which ever one you're on).
So my question is, how do I get iptables to redirect its output to another console?
P.
This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
Would you want something like this?
Unfortunately the following code was written for a non-standard libc, so it might (will) require some tweaking to get it to compile.
/* * GPLv2 (c) Copyright 1999-2005 by Maciej Zenczykowski. * * Program redirects all kernel messages to tty1 * (the first virtual terminal). */
#include <stdio.h> #include <unistd.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <sys/ioctl.h>
int main() { int fd, res; char table[2]; table[0] = 11; // TIOCLINUX 11 -> set_kernel_message_redirect table[1] = 1; // ttyN=1, 0 to turn off redirection
fd = open("/dev/tty0", O_RDONLY, 0); if (fd < 0) { fprintf(stderr, "ERROR #%d: open_console /dev/tty0\n", errno); return 1; }; res = ioctl(fd, TIOCLINUX, &table); if (res < 0) { fprintf(stderr, "ERROR #%d: set_kmsg_redirect\n", errno); close(fd); return 2; };
close(fd); return 0; };
This is exactly want I want
Thanks very much!
Pete
Maciej Żenczykowski wrote:
Would you want something like this?
Unfortunately the following code was written for a non-standard libc, so it might (will) require some tweaking to get it to compile.
/*
- GPLv2 (c) Copyright 1999-2005 by Maciej Zenczykowski.
- Program redirects all kernel messages to tty1
- (the first virtual terminal).
*/
#include <stdio.h> #include <unistd.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <sys/ioctl.h>
int main() { int fd, res; char table[2]; table[0] = 11; // TIOCLINUX 11 -> set_kernel_message_redirect table[1] = 1; // ttyN=1, 0 to turn off redirection
fd = open("/dev/tty0", O_RDONLY, 0); if (fd < 0) { fprintf(stderr, "ERROR #%d: open_console /dev/tty0\n", errno); return 1; }; res = ioctl(fd, TIOCLINUX, &table); if (res < 0) { fprintf(stderr, "ERROR #%d: set_kmsg_redirect\n", errno); close(fd); return 2; };
close(fd); return 0; }; _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
Definitely missing an include for TIOCLINUX
either #include some termios.h (not sure which one is correct) or #define TIOCLINUX 0x0000541C
On Wed, 25 May 2005, Maciej Żenczykowski wrote:
Would you want something like this?
Unfortunately the following code was written for a non-standard libc, so it might (will) require some tweaking to get it to compile.
/*
- GPLv2 (c) Copyright 1999-2005 by Maciej Zenczykowski.
- Program redirects all kernel messages to tty1
- (the first virtual terminal).
*/
#include <stdio.h> #include <unistd.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <sys/ioctl.h>
int main() { int fd, res; char table[2]; table[0] = 11; // TIOCLINUX 11 -> set_kernel_message_redirect table[1] = 1; // ttyN=1, 0 to turn off redirection
fd = open("/dev/tty0", O_RDONLY, 0); if (fd < 0) { fprintf(stderr, "ERROR #%d: open_console /dev/tty0\n", errno); return 1; }; res = ioctl(fd, TIOCLINUX, &table); if (res < 0) { fprintf(stderr, "ERROR #%d: set_kmsg_redirect\n", errno); close(fd); return 2; };
close(fd); return 0; }; _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Wed, 2005-05-25 at 13:07, Peter Farrow wrote:
Hi john,
I want to stop it logging to *all* the consoles, and limit it to just one of the virtual consoles if poss, it does log to var/log/messages as well where I run a perl script to check for "naughtiness" so I am covered in that respect, its just a pain with it logging to the console when you want to use the console....
I actually found iptables still logs to the console whatever settings you have in syslogd.conf and /etc/sysconfig/syslog.
I also found iptables still logs to the console even if you kill klogd and syslogd altogether (how bizarre)...
So in the end I modified /etc/sysctl.conf and added this line:
kernel.printk = 3 4 1 7
then did a sysctl -p
and that seems to have done it.... while still logging fully to /var/log/messages
P.
Hi,
you could also modify the log statement of iptables using the options --log-level level Level of logging (numeric or see syslog.conf(5)) --log-prefix prefix Prefix log messages with the specified prefix; up to 29 letters long, and useful for distinguishing messages in the logs.
Use log-level 7 and assign a log-prefix of your choice. The high log-level will already prevent the logs appear on the console with the default dmesg setting of 4.
Then use syslog-ng instead of klogd/syslog to filter the logs on the log-prefix and define a destination to the tty of your choice.
-
Jens Grigel -
John Logsdon -
Maciej Żenczykowski -
Peter Farrow