berarul Tux's lil' helper
Joined: 12 Apr 2004 Posts: 75 Location: Bucuresti
Posted: Fri Apr 23, 2004 10:14 pm Post subject: logger overflow :)
Hello.
Here is my problem:
Everything was going fine on my Gentoo machine, which also acts as a router (SNAT) for another computer. I use iptables for the job, and LOG every packet that is not accepted - normally to vc/12.
I finally compiled KDE, started xdm and logged in, but when I tried to CTRL+ALT+F1, the console was overrun by iptables messages. I have not changed anything in the network or syslog-ng config scripts. To give a better description of the problem: whenever I switch to any vc/ other than vc/7 while I run X, the console gets flooded with network logs, so all my consoles are now useless.
# iptables -L
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 10.10.10.0/24 anywhere
drop-and-log-it all -- 10.10.10.0/24 anywhere
ACCEPT all -- anywhere 81.181.1.178 state RELATED,ESTABLISHED
drop-and-log-it all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
drop-and-log-it all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 81.181.1.178 10.10.10.0/24
ACCEPT all -- thor.digifin 10.10.10.0/24
drop-and-log-it all -- anywhere 10.10.10.0/24
ACCEPT all -- 81.181.1.178 anywhere
drop-and-log-it all -- anywhere anywhere
Chain drop-and-log-it (5 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `FIREWALL'
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
# cat /etc/syslog-ng/syslog-ng.conf
Code:
# $Header: /home/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.3 2003/05/12 22:43:48 msterret Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett
options {
long_hostnames(off);
sync(0);
# The default action of syslog-ng 1.6.0 is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
I stuck with the defaults since I didn't get into configuring my system. As you can see, the log level of the drop-and-log-it chain is info and it should (?) only print to vc/12. Again, this worked with these settings, but suddenly it started spewing logs everywhere.
I would also like to point out that there is no other syslog in my init scripts:
# ls /etc/init.d/*log*
Code:
/etc/init.d/rmnologin /etc/init.d/syslog-ng
Maybe I missed another config file?
Any help is appreciated!
*************EDIT
After I commented out the line
Code:
LOG all -- anywhere anywhere LOG level info prefix `FIREWALL'
I noticed that normal logging of operations (users logging in and out) is done as it should to vc/12; however, network logging (disconnecting eth0) would still go to the active console.