[Shorewall-users] STDERR messages

Tom Eastep teastep@shorewall.net
Fri, 5 Apr 2002 13:58:46 -0800 (Pacific Standard Time)


On Fri, 5 Apr 2002, Gar Nelson wrote:

> I already deleted the earlier message, but it got me thinking anyway.
> The question was about all the iptables messaages that get output to the
> main console terminal. Tom said something like 'just redirect STDERR'.
>
> Okay. Looking at Marcel Gagne's Linux Sys Admin book, he talks about
> STDERR on page 54 with the illustration;
>
> 	command-name 2>&1 > logfile.out
>
> Next I looked at /etc/rc/d/init.d/shorewall and found
>
> ################################################################################
> # Run iptables and if an error occurs, stop the firewall and
> quit              #
> ################################################################################
> run_iptables() {
>     if ! iptables `echo $@ | sed 's/!/! /g'`; then
>         [ -z "$stopping" ] && { stop_firewall; exit 2; }
>     fi
> }
>
> And I found lots of stuff that refered back to run_iptables(), but I
> don't quite see how to apply "iptables 2>&1 > /var/log/iptables.log" to
> that mess up there.
>
> And though Mastering Regular Expressions by Jeff Friedl, O'Reilly, Jan
> 97 is on my Amazon wishlist, I haven't picked it up yet. Perhaps my
> assumption is incorrect that that procedure would look legible if I had
> a better handle on regular expressions?
>
> For me, its not a big deal to have all that STDERR stuff go out to the
> screen, since the box is in an equipment room, normally without a screen
> attached. It would be better though to have enough understanding of how
> shorewall is operating with iptables to apply Tom's comment to the box.
> I'm working on getting there, but I'm not there yet.
>
> Oh, and I wrote this without reading through the FAQ again, but I'll
> head off there next.

What I was suggesting is that you:

	/etc/init.d/shorewall start > /tmp/shorewall.log 2>&1

or something similar.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net