LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices



Reply
 
Search this Thread
Old 02-12-2006, 12:19 AM   #1
drakebasher
Member
 
Registered: Aug 2004
Location: Proprio Qui
Distribution: Debian
Posts: 85

Rep: Reputation: 16
conntrack messages are filling my screen!


I'm putting Debian Sarge on all of my systems: I have a server/firewall that doesn't have X installed and that serves a few workstations. My problem is that certain messages about network activity are being sent to the text screen on the server. The messages look something like this:
Code:
IN=ppp0 OUT= MAC= SRC=66.2.31.2 DST=66.2.88.99 LEN=48 TOS=0x00 PREC=0x00 TTL
=121 ID=59887 DF PROTO=TCP SPT=3762 DPT=139 WINDOW=8160 RES=0x00 SYN URGP=0
That's just one message. I get several within a few seconds and then maybe one every 30 seconds, randomly. It looks like logging information that needs either to be redirected or turned off. Help?
 
Old 02-12-2006, 01:55 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655
Check your /etc/syslog-ng/syslog-ng.conf or /etc/syslog.conf file. It could also be that you are logged in as root, which should be only done temporarily.

On my computer, there is an /etc/syslog-ng/syslog-ng.conf.in file that I would edit instead.

Look that this part:
Code:
#
# Most warning and errors on tty10 and on the xconsole pipe:
#
destination console  { file("/dev/tty10"    group(tty) perm(0620)); };
log { source(src); filter(f_console); destination(console); };

destination xconsole { pipe("/dev/xconsole" group(tty) perm(0400)); };
log { source(src); filter(f_console); destination(xconsole); };

# Enable this, if you want that root is informed immediately,
# e.g. of logins:
#
#destination root { usertty("root"); };
#log { source(src); filter(f_alert); destination(root); };
On my computer, these messages show up on vt10 and not on a console. You may just need to comment out a couple lines to stop the behavior you are seeing.

Last edited by jschiwal; 02-12-2006 at 01:59 AM.
 
Old 02-12-2006, 10:57 AM   #3
Dead Parrot
Senior Member
 
Registered: Mar 2004
Distribution: Debian GNU/kFreeBSD
Posts: 1,597

Rep: Reputation: 46
You could try this sequence of commands (the first character, "$" or "#", represents the shell prompt):

$ su
# echo "dmesg -n1" > /etc/init.d/local
# chmod +x /etc/init.d/local
# update-rc.d local start 80 2 3 4 5 .
# /etc/init.d/local start
# exit
$

A better alternative would be to redirect the log messages to some file instead. This is easy with the FireHOL firewall and ulogd but I don't know how to do it with other firewalls.
 
Old 02-12-2006, 12:56 PM   #4
drakebasher
Member
 
Registered: Aug 2004
Location: Proprio Qui
Distribution: Debian
Posts: 85

Original Poster
Rep: Reputation: 16
Thanks for the replies. jschiwal: I am using syslog and I edited /etc/syslog.conf in an effort to fix it so here's what I have currently (I've omitted all the comments and empty lines):
Code:
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log
uucp.*                          /var/log/uucp.log
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages
*.emerg                         *
daemon.*;mail.*;\
        news.crit;news.err;news.notice;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/tty4
I changed the last line from /dev/xconsole to /dev/tty4 and that causes some messages to go to tty4, but they are not the same as those on tty1. It looks like all of the things above, except for the last, are being sent to files. Maybe the messages I'm seeing are being directed by some other .conf file? Dead Parrot: I'll have to research your response a bit. Thanks alot for the reference to FireHOL. I hadn't heard of that, but it looks promising. Thanks~

Last edited by drakebasher; 02-12-2006 at 01:02 PM.
 
Old 02-12-2006, 01:19 PM   #5
saman007uk
Member
 
Registered: Dec 2003
Location: ~root
Distribution: Debian
Posts: 363

Rep: Reputation: 32
You can just remove logging from the firewall. Something glike this might help:
Code:
/sbin/iptables-save | grep -v LOG | /sbin/iptables-restore
 
Old 02-12-2006, 01:21 PM   #6
saman007uk
Member
 
Registered: Dec 2003
Location: ~root
Distribution: Debian
Posts: 363

Rep: Reputation: 32
Quote:
Originally Posted by Dead Parrot
A better alternative would be to redirect the log messages to some file instead. This is easy with the FireHOL firewall and ulogd but I don't know how to do it with other firewalls.
How would you redirect logs to a file in Firehol? I've been looking for something like this for ages ...
 
Old 02-12-2006, 01:49 PM   #7
drakebasher
Member
 
Registered: Aug 2004
Location: Proprio Qui
Distribution: Debian
Posts: 85

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by saman007uk
You can just remove logging from the firewall. Something glike this might help:
Code:
/sbin/iptables-save | grep -v LOG | /sbin/iptables-restore
I've done a variation on your suggestion and all seems okay, so that works until I've done more research. Thanks, all.
 
Old 02-12-2006, 01:57 PM   #8
Dead Parrot
Senior Member
 
Registered: Mar 2004
Distribution: Debian GNU/kFreeBSD
Posts: 1,597

Rep: Reputation: 46
Quote:
How would you redirect logs to a file in Firehol?
The nice thing about FireHOL is that it has native support for ulogd. After installing the software (aptitude install firehol ulogd) you can enable log redirecting in FireHOL's config file, /etc/default/firehol. Make it look like this:

START_FIREHOL=YES
FIREHOL_LOG_MODE="ULOG"

I used Firestarter before discovering FireHOL+ulogd and the log messages in console were quite annoying. So when I found out that enabling ulogd in FireHOL was that easy, it really saved my day.

And the firewall configuration with FireHOL is also not that difficult. There's a command line tool named "firehol-wizard" ("firehol-wizard > /etc/firehol/firehol.conf") that checks your running services and then creates an initial firewall config file for you. If you want to, for example, open port 6881 in order to speed up bittorrent downloads, you can add something like this to /etc/firehol/firehol.conf:

# Allow BitTorrent server ports
server_bittorrent_ports="tcp/6881"
client_bittorrent_ports=any
server bittorrent accept
client all accept

Then you just restart FireHOL ("/etc/init.d/firehol restart" or simply "/sbin/firehol restart") and you're ready to go.

Last edited by Dead Parrot; 02-12-2006 at 04:24 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ndiswrapper kernel messages filling my logs... TOO MUCH! jkassemi Linux - Wireless Networking 4 11-08-2005 03:12 AM
The coloured messages on the screen. Gins Linux - General 4 04-18-2005 04:28 PM
tv filling the screen biscristi Linux - Software 0 06-09-2004 06:28 AM
wm not filling whole screen xio Linux - Laptop and Netbook 3 01-07-2004 04:29 AM
/var/log/messages --filling up rapidly lub0 Linux - Security 1 10-13-2003 08:16 AM


All times are GMT -5. The time now is 11:45 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration