Where do the boot time messages go?
Ian Smith
smithi at nimnet.asn.au
Tue May 13 05:18:36 UTC 2014

On Mon, 12 May 2014 13:41:12 -0700, Ronald F. Guilmette wrote:
> In message <20140512152327.A11699 at sola.nimnet.asn.au>,
> Ian Smith <smithi at nimnet.asn.au> wrote:
>
> >... and scrolling back
> >the VT0 root console should reveal it/them.
>
> Thank you!
>
> I'm a bit ashamed to admit it, but I never even knew about this console
> feature until today. It has already proved quite helpful to me in another
> context, and I will most certainly be using it soon to try to see if in
> fact I'm getting any boot-time errors from my ipfw setup.
>
> > > While unlikely, have a look at /var/run/dmesg.boot.
> >
> >Worth a try.
>
> Nope. The boot-time ipfw messages are not in there either.

No, they're not saved anywhere. If there was indeed an error message
from ipfw then I thought it might have gone there, but I'm not sure.

> >security.* /var/log/security
>
> Yes, quite. I do have that.
>
> But as I mentioned earlier, the boot-time messages relating to ipfw
> startup don't seem to be present within the /var/log/security file,
> and as someone else has mentioned, there's no reason that they should
> be. When my rules file is being processed, ipfw is most likely
> (verbosely) showing each of those in turn, but just to either stdout
> or stderr... and not syslogging them.

Yes; they do go to stdout (unless using -q) but that has nothing to do
with verbose logging being set - as Bill pointed out, that's only to do
with kernel mode syslogging of matching rules having the 'log' keyword.

root@x200:~ # kldload ipfw && ipfw add 64000 allow ip from any to any
64000 allow ip from any to any
root@x200:~ # ipfw add 65000 allow ip from any to any > test
root@x200:~ # cat test
65000 allow ip from any to any

And ipfw error messages do go to stderr, as is customary:

root@x200:~ # ipfw add 65001 invalid >test
ipfw: invalid action invalid
root@x200:~ # cat test && rm test && kldunload ipfw
root@x200:~ #

Of course you don't have to wait to reboot to run your rules file again;
as long as it begins with an 'ipfw -q flush' to clear existing rules, as
it ought, just run '# sh /pathto/yourrulesfile' .. and you can redirect
that output to a file if you want, though 'ipfw show' is usually more
useful. As ever, the best advice is ipfw(8)

cheers, Ian
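
Added example (not part of the message above, nor code from the ipfw project): a POSIX sh wrapper for the re-run suggested in the message, keeping the echoed rules (stdout) and the ipfw error messages (stderr) in separate files. The script name and the two log file arguments are assumptions; because sh reports only the status of the last command in the rules file, a non-empty stderr log is also treated as a failure.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are placeholders.
# Usage: sh load_rules.sh /pathto/yourrulesfile rules.out rules.err

# load_rules RULESFILE OUTLOG ERRLOG
# Replays the rules file with sh. stdout (the rules ipfw echoes back when
# not run with -q) goes to OUTLOG, stderr (ipfw error messages) to ERRLOG.
# Returns 0 only if the script exited 0 AND wrote nothing to stderr.
load_rules() {
    lr_rules=$1 lr_out=$2 lr_err=$3

    # Heuristic: warn if an 'add' appears before any 'flush', since the
    # file is then not safe to re-run on top of already loaded rules.
    if ! awk '/^[ \t]*#/ { next }
              /flush/    { exit 0 }
              / add /    { exit 1 }' "$lr_rules"; then
        echo "warning: $lr_rules adds rules before flushing" >&2
    fi

    lr_status=0
    sh "$lr_rules" >"$lr_out" 2>"$lr_err" || lr_status=$?

    # sh returns the status of the LAST command only, so a failed
    # 'ipfw add' in the middle of the file still yields exit 0.
    # A non-empty stderr log is therefore treated as a failure too.
    if [ "$lr_status" -ne 0 ] || [ -s "$lr_err" ]; then
        echo "rules load problem (exit $lr_status), see $lr_err" >&2
        return 1
    fi
    return 0
}

if [ "$#" -eq 3 ]; then
    load_rules "$@"
fi
```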