[Bug 593699] New: rsyslog logs on console
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c0 Summary: rsyslog logs on console Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: openSUSE 11.2 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: novell-web@zmi.at QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.1.8) Gecko/20100204 SUSE/3.5.8-0.1.1 Firefox/3.5.8 I replaced syslog-ng with rsyslog, and now all logs from iptables are shown on the console. It's reproducible, re-starting syslog-ng stops console logging. I have the default config, which contains if ($syslogfacility-text == 'kern') and \ ($msg contains 'IN=' and $msg contains 'OUT=') then \ -/var/log/firewall;RSYSLOG_TraditionalFileFormat if ($syslogfacility-text == 'kern') and \ ($msg contains 'IN=' and $msg contains 'OUT=') then \ ~ I also tried with (the better) if ($syslogfacility-text == 'kern') and \ ($msg contains 'IN=' and $msg contains 'OUT=') then \ -/var/log/firewall;RSYSLOG_TraditionalFileFormat & ~ But anyway it's logged on the console. Googling showed me this page http://www.linux.org.za/Lists-Archives/glug-tech-1001/msg00009.html and really doing sysctl kernel.printk="4 4 1 7" stops console logging with rsyslog. But I don't want this, I want rsyslog to behave like syslog-ng. Any ideas how to disable iptables logs with rsyslog? BTW: the iptabes rule causing that log is $IPTABLES -A RULE_19 -j LOG --log-level info --log-prefix "lastdrop " --log-tcp-options --log-ip-options but as I said with syslog-ng it works correctly. Reproducible: Always Steps to Reproduce: 1. switch from syslog-ng to rsyslog 2. access PC so that an iptables log is generated 3. that entry shows up on the console Actual Results: iptables log appears on console Expected Results: shouldn't display iptables logs on console -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c yang xiaoyu <xyyang@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |xyyang@novell.com AssignedTo|bnc-team-screening@forge.pr |mt@novell.com |ovo.novell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c1 Marius Tomaschewski <mt@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #1 from Marius Tomaschewski <mt@novell.com> 2010-04-16 12:14:39 UTC --- Thanks for the report. I'll take a look what happens there... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c2 --- Comment #2 from Marius Tomaschewski <mt@novell.com> 2010-04-16 12:48:54 UTC --- It is IMO a config file issue. In syslog-ng, I'm explicitely filtering out the iptables from console logs, except when they're logged in err-level (when I see correctly). I'll try to fix the config to filter it out it in rsyslog as well. Makes no sense to get all warnings (AFAIR default in iptables) in the console. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c3 Michael Monnerie <novell-web@zmi.at> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |novell-web@zmi.at --- Comment #3 from Michael Monnerie <novell-web@zmi.at> 2010-04-28 10:16:34 UTC --- I found out that if you run syslog-ng, klogd runs also: /sbin/syslog-ng -a /var/lib/dhcp/dev/log -a /var/lib/named/dev/log /sbin/klogd -c 1 -x But if you use rsyslog instead, klogd doesn't run: /sbin/rsyslogd -c 4 -f /etc/rsyslog.conf Then I checked "sysctl -a|grep printk" and saw that klogd sets: kernel.printk = 1 4 1 7 while without it has kernel.printk = 7 4 1 7 So maybe there is the dependency. I set kernel.printk = 2 4 1 7 in /etc/sysctl.conf now, that solves it as a workaround. But it would be nice if you could fix it so the default behaviour becomes the same in rsyslog as with syslog-ng. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c4 --- Comment #4 from Marius Tomaschewski <mt@novell.com> 2010-04-28 14:30:13 UTC --- Ah... yes, thanks! There is a config option for: $klogConsoleLogLevel [number] (former klogd -c option) See also http://www.rsyslog.com/doc-imklog.html. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c5 --- Comment #5 from Marius Tomaschewski <mt@novell.com> 2010-04-28 14:55:45 UTC --- Kernel log level change for factory (OBS/Base:System/rsyslog) $ osc diff Index: rsyslog.conf.in =================================================================== --- rsyslog.conf.in (revision 0bcbcabae33ebad26ad92e7b284d7ad6) +++ rsyslog.conf.in (working copy) @@ -21,7 +21,10 @@ $ModLoad immark.so # provides --MARK-- message capability $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) -$ModLoad imklog.so # kernel logging (may be also provided by /sbin/klogd) + +$ModLoad imklog.so # kernel logging (may be also provided by /sbin/klogd), + # see also http://www.rsyslog.com/doc-imklog.html. +$klogConsoleLogLevel 1 # set log level 1 (same as in /etc/sysconfig/syslog). # # Include config generated by /etc/init.d/syslog script -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c6 --- Comment #6 from Marius Tomaschewski <mt@novell.com> 2010-04-28 17:10:19 UTC --- The following filter should do the job: if ( \ /* kernel up to warning except of firewall */ \ ($syslogfacility-text == 'kern') and \ ($syslogseverity <= 4 /* warning */ ) and not \ ($msg contains 'IN=' and $msg contains 'OUT=') \ ) or ( \ /* up to errors except of facility authpriv */ \ ($syslogseverity <= 3 /* errors */ ) and not \ ($syslogfacility-text == 'authpriv') \ ) \ then /dev/tty10;RSYSLOG_TraditionalFileFormat & |/dev/xconsole;RSYSLOG_TraditionalFileFormat -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c7 --- Comment #7 from Marius Tomaschewski <mt@novell.com> 2010-04-28 17:26:14 UTC --- Created an attachment (id=357485) --> (http://bugzilla.novell.com/attachment.cgi?id=357485) Complete config auth klogd -c 1, console iptables filter, ... The complete config file that goes to OBS, Base:System/rsyslog now. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c9 Christian Dengler <cdengler@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |cdengler@novell.com InfoProvider|maintenance@opensuse.org | --- Comment #9 from Christian Dengler <cdengler@novell.com> 2010-04-29 10:02:49 UTC --- I think it is enough to put it into factory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c10 Marius Tomaschewski <mt@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #10 from Marius Tomaschewski <mt@novell.com> 2010-05-17 13:53:42 UTC --- It is fixed in factory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=593699 http://bugzilla.novell.com/show_bug.cgi?id=593699#c11 --- Comment #11 from Bernhard Wiedemann <bwiedemann@suse.com> --- This is an autogenerated message for OBS integration: This bug (593699) was mentioned in https://build.opensuse.org/request/show/39733 Factory / rsyslog -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com