Where do the boot time messages go?
Bill Yuan
bycn82 at gmail.com
Mon May 12 06:36:58 UTC 2014
1.The userland command "ipfw" will print the result directly on the stdout.
it is using printf() method.
2.The "firewall_logging" is for ipfw kernel module, and depends on the
net.inet.ip.fw.verbose_limit
and it will be logged in the syslog.
On Mon, May 12, 2014 at 2:08 PM, Ian Smith <smithi at nimnet.asn.au> wrote:
> On Sun, 11 May 2014 21:44:26 -0700, Chris H wrote:
> [Ronald F. Guilmette wrote:]
> > > In my /etc/rc.conf file, I have the following (among other things):
> > >
> > > firewall_enable="YES"
> > > firewall_type="/etc/fw.rules"
> > > firewall_logging="YES"
> > >
> > > And of course, on my system, the /etc/fw.rules file is full of ipfw
> > > "add" commands.
> > >
> > > During a normal boot of FreeBSD, I can see those add commands being
> > > processed. They are shown, briefly, whizzing by, on the console.
> > >
> > > During a recent reboot, I also saw something at about the same time
> > > that looked like it might possibly have been some sort of ipfw error
> > > or warning message.
> > >
> > > I would like to investigate.
>
> Instead of "ipfw add", if you use "ipfw -q add" those rule listings will
> not appear on the console. Any error messages - issued on stderr rather
> than stdout - should still appear without all the others. While they
> may still not get logged, you should be able to see them without all the
> 'whizzing by' at that stage of post-boot processing, and scrolling back
> the VT0 root console should reveal it/them.
>
> > > Unfortunately it appears that all of the console messages that are
> > > being logged, during the time when ipfw is processing my local
> firewall
> > > rules file, are not in fact stored into either /var/log/messages nor
> > > even into /var/log/security. (I know. I looked.)
>
> That's true .. fortunately, in general.
>
> > > So, um, where do these messages go, exactly?
> > > I really would like to have a look at the ones from the last boot.
>
> Any ipfw command issued without -q writes any resultant rule to stdout.
>
> > While unlikely, have a look at /var/run/dmesg.boot.
>
> Worth a try.
>
> > I see you have: firewall_logging="YES"
> > Isn't it possible to DEFINE the firewall LOG? :)
> > In other words; you ask it to log, but don't tell it WHERE. :)
> > Doing so should provide the answers you're looking for.
>
> In /etc/syslog.conf you should see:
> security.* /var/log/security
>
> Nothing but ipfw writes to log facility security, on my systems anyway.
>
> > Best wishes.
> >
> > --Chris
>
> cheers, Ian
>
> [off topic]
> BTW Chris, several days ago your system rejected two direct messages to
> you as spam. This may be the only way I can let you know. Subtracting
> 17 hours, this should appear in your mail logs around 02:47 Friday.
>
> Reporting-MTA: dns; sola.nimnet.asn.au
> Received-From-MTA: DNS; localhost
> Arrival-Date: Fri, 9 May 2014 19:47:26 +1000 (EST)
> Final-Recipient: RFC822; bsd-lists at bsdforge.com
> Action: failed
> Status: 5.0.0
> Diagnostic-Code: SMTP; 550 5.0.0 SPAM and BULK mail REJECTED
> Last-Attempt-Date: Fri, 9 May 2014 19:47:34 +1000 (EST)
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
More information about the freebsd-ipfw
mailing list