From 502397359fb9778c1bcbe7d182cc2fc59786b83e Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 26 May 2008 16:35:57 +0000 Subject: [PATCH] Rewrite FAQ 16 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8527 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/FAQ.xml | 77 ++++++++++++++-------------------------------------- 1 file changed, 20 insertions(+), 57 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index 4cb603c0c..3038c63ec 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -1184,67 +1184,30 @@ DROP net fw udp 10619 url="shorewall_logging.html">Shorewall logging documentation. - - - Find where klogd is being started (it will be from one of the - files in /etc/init.d -- sysklogd, klogd, ...). Modify that file or - the appropriate configuration file so that klogd is started with - -c <n> where - <n> is a log level of 5 or less; - and/or - + The max log level to be sent to the console is available in + /proc/sys/kernel/printk:teastep@ursa:~$ cat /proc/sys/kernel/printk +6 6 1 7 +teastep@ursa:~$ The first number determines the maximum log + level (syslog priority) sent to the console. Messages with priority + less than this number are sent to the + console. On the system shown in the example above, priorities 0-5 are + sent to the console. Since Shorewall defaults to using 'info' (6), the + Shorewall-generated Netfilter ruleset will generate log messages that + will not appear on the console. - - See the dmesg man page (man - dmesg). You must add a suitable dmesg command - to your startup scripts or place it in /etc/shorewall/start. - - + The second number is the default log level for kernel printk() + calls that do not specify a log level. - - The hints below are just that; they have been known to work with - at least one release in the past but are not guaranteed to continue to - work with all releases of a particular distribution. As described - above, you may have to dig around in your distribution's init scripts - in order to find the correct solution. - + The third number specifies the minimum console log level while the + fourth gives the default console log level. - - Under RedHat and Mandriva, the max log level that is sent to the - console is specified in /etc/sysconfig/init in the LOGLEVEL variable - and in /etc/sysconfig/syslog in the KLOGD_PARAMS variable: + If, on your system, the first number is 7 or greater, then the + default Shorewall configurations will cause messages to be written to + your console. The simplest solution is to add this to your + /etc/sysctl.conf file:kernel.printk = 4 4 1 7 - - - Set LOGLEVEL=5 to suppress info (log level 6) - messages on the console during bootup. - - - - Add "-c 5" to KLOGD_PARAMS to suppress info (log level 6) - messages on the console. - - - - - - Under Debian with syslog, you can set KLOGD=-c 5 - in /etc/init.d/klogd to suppress info (log level - 6) messages on the console. - - - - Under Debian with syslog-ng, you can set "CONSOLE_LOG_LEVEL=5" - IN /etc/default/syslog-ng to suppress info (log - level 6) messages on the console. - - - - Under SUSE, add -c 5 to KLOGD_PARAMS in - /etc/sysconfig/syslog to suppress info (log level 6) messages on the - console. - + thensysctl -p /etc/sysctl.conf
(FAQ 16a) Why can't I see any Shorewall messages in