From owner-freebsd-bugs Sun Jul 4 23:40: 3 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 77ECB15297
	for ; Sun, 4 Jul 1999 23:40:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id XAA73935;
	Sun, 4 Jul 1999 23:40:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from byron.fachschaften.uni-muenchen.de (byron.fachschaften.uni-muenchen.de [129.187.163.38])
	by hub.freebsd.org (Postfix) with ESMTP id 835A215297
	for ; Sun, 4 Jul 1999 23:37:09 -0700 (PDT)
	(envelope-from ankh@byron.fachschaften.uni-muenchen.de)
Received: (from ankh@localhost)
	by byron.fachschaften.uni-muenchen.de (8.9.3/8.9.3) id IAA99970;
	Mon, 5 Jul 1999 08:37:24 GMT
Message-Id: <199907050837.IAA99970@byron.fachschaften.uni-muenchen.de>
Date: Mon, 5 Jul 1999 08:37:24 GMT
From: Florian Uhl
Reply-To: ankh@byron.fachschaften.uni-muenchen.de
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/12517: ipfw should not log to console
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         12517
>Category:       kern
>Synopsis:       ipfw should not log to console when using the 'log' keyword but does (sort of documented)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 4 23:40:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Florian Uhl
>Release:        FreeBSD 3.2-STABLE i386
>Organization:
Department of Computer Sciences at University Munich/Germany
>Environment:

FreeBSD byron 3.2-STABLE FreeBSD 3.2-STABLE #0: Sun Jun 27 17:40:55 GMT 1999

>Description:

When using the 'log' keyword for ipfw rules, ipfw logs not only via
syslog (using !ipfw notation) but to the console as well (this is the
documented behaviour).
On a medium to high traffic machine this generates _a lot_ of totally
unnecessary messages on the console. None of them is really critical or
something like that. Anyway, applications should not log to the console
at all but to syslog alone. If I want some application to log to the
console, I will tell syslogd to do so.

From the 'ipfw' man page:

| If the kernel was compiled with IPFIREWALL_VERBOSE, then when a packet
| matches a rule with the log keyword a message will be printed on the con-
| sole.

From my kernel configuration:

| [byron: /usr/src/sys/i386/conf] grep FIREWALL BYRON
| options IPFIREWALL
| options IPFIREWALL_DEFAULT_TO_ACCEPT

Nothing about VERBOSE.

Next paragraph from 'man ipfw':

| Console logging and the log limit are adjustable dynamically through the
| sysctl(8) interface.

This means console logging is the only logging method!?

From sysctl:

| [byron: /usr/src/sys/i386/conf] sysctl -a | egrep -v ^ipfw | egrep fw\.
| net.inet.ip.fw.debug: 0
| net.inet.ip.fw.one_pass: 1
| net.inet.ip.fw.verbose: 1
| net.inet.ip.fw.verbose_limit: 0

There is nothing about console at all. If I set net.inet.ip.fw.verbose
to 0, it doesn't log anything. Not what I want, either.

>How-To-Repeat:

ipfw add allow log tcp from any to any

>Fix:

Add sysctl net.inet.ip.fw.logconsole.

>Release-Note:
>Audit-Trail:
>Unformatted: