Discussion:
shorewall dumping everything into dmesg
William Unruh
2024-02-08 02:55:35 UTC
Shorewall is dumping its messages into dmesg, rather than, say,
/var/log/shorewall (which is empty). That rather fills dmesg with DROP
messages:
[8024391.572953] Shorewall:sshd-fw:DROP:IN=eno1 OUT= MAC=4c:ed:fb:c2:2a:f3:a0:ab:1b:88:6e:58:08:00 SRC=185.196.8.151 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0xA0 TTL=250 ID=54321 PROTO=TCP SPT=40237 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0

What might I have misconfigured?
/etc/shorewall/shorewall.conf has

###############################################################################
# L O G G I N G
###############################################################################

BLACKLIST_LOG_LEVEL=info

INVALID_LOG_LEVEL=info

LOG_MARTIANS=Yes

LOG_VERBOSITY=2

#LOGALLNEW=yes

LOGFILE=/var/log/shorewall

LOGFORMAT="Shorewall:%s:%s:"

LOGTAGONLY=No

LOGLIMIT=

MACLIST_LOG_LEVEL=info

RELATED_LOG_LEVEL=

RPFILTER_LOG_LEVEL=info

SFILTER_LOG_LEVEL=info

SMURF_LOG_LEVEL=info

STARTUP_LOG=/var/log/shorewall-init.log

TCP_FLAGS_LOG_LEVEL=info

UNTRACKED_LOG_LEVEL=
David W. Hodgins
2024-02-08 03:27:38 UTC
Post by William Unruh
Shorewall is dumping its messages into dmesg, rather than, say,
/var/log/shorewall (which is empty). That rather fills dmesg with DROP
messages:
[8024391.572953] Shorewall:sshd-fw:DROP:IN=eno1 OUT= MAC=4c:ed:fb:c2:2a:f3:a0:ab:1b:88:6e:58:08:00 SRC=185.196.8.151 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0xA0 TTL=250 ID=54321 PROTO=TCP SPT=40237 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
IIRC that's fixed by creating a file with one line such as
/etc/sysctl.d/kernel.msg.conf
kernel.printk=3 4 1 3

Then run as root "sysctl --system".

See https://linuxconfig.org/introduction-to-the-linux-kernel-log-levels
for details.

Regards, Dave Hodgins
William Unruh
2024-02-20 23:38:40 UTC
Post by David W. Hodgins
Post by William Unruh
Shorewall is dumping its messages into dmesg, rather than, say,
/var/log/shorewall (which is empty). That rather fills dmesg with DROP
messages:
[8024391.572953] Shorewall:sshd-fw:DROP:IN=eno1 OUT= MAC=4c:ed:fb:c2:2a:f3:a0:ab:1b:88:6e:58:08:00 SRC=185.196.8.151 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0xA0 TTL=250 ID=54321 PROTO=TCP SPT=40237 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
IIRC that's fixed by creating a file with one line such as
/etc/sysctl.d/kernel.msg.conf
kernel.printk=3 4 1 3
Then run as root "sysctl --system".
That did not work.
The "explanation" in the article below is rather confusing:

"starting from level 0 and decreasing in severity ’till level 7: the
lowest log level identifier, the most critical context." I have no idea
what that means. It seems to be saying that level 7 is the most
critical context. Is that right (i.e., is this the opposite of the rsyslog
levels, which have lower numbers more critical than high numbers)?
"log level lower than it, (therefore messages with an higher severity)"
Whereas this sentence seems to say the opposite.
Or did the first quote mean to say "have lower numbers, the more
critical context"?

But then I do not understand the log level of shorewall. Where are those
DROP messages being sent to?

"The third value in the output reports the minimum_console_loglevel
status. It indicates the minimum loglevel which can be used for
console_loglevel. The level here used it’s 1, the highest."

7 is higher than 0. But that does not seem to be what they mean by
higher.

But my problem is with dmesg, not with the console. It is dmesg which
is filling up with shorewall DROP messages, not the console. (Mind you,
I told the system to stop dumping log stuff into the console anyway,
since it is really really really annoying to have the console filling
with garbage while one is desperately trying to fix some crucial error.)

I.e., I have the printk file listing 3 4 1 3 as you suggested and dmesg is
still being inundated by DROP messages.
Post by David W. Hodgins
See https://linuxconfig.org/introduction-to-the-linux-kernel-log-levels
for details.
Regards, Dave Hodgins
David W. Hodgins
2024-02-21 01:43:22 UTC
Post by William Unruh
I.e., I have the printk file listing 3 4 1 3 as you suggested and dmesg is
still being inundated by DROP messages.
Sorry, I thought you were referring to the messages showing up on a terminal,
such as when using alt+ctrl+f3, and then logging in in text mode.

The drop messages are generated by netfilter (part of the kernel), which uses
rules set by a firewall such as shorewall.

"man shorewall.conf" has some info on the log options, but I've never looked
into it in detail.

We used to have mandriva-save-dmesg.service saving a copy of the dmesg output
to /var/log/dmesg, but it seems it's been dropped.

Regards, Dave Hodgins