[Shorewall-users] STDERR messages (fwd)

Barry, Christopher cbarry@infiniconsys.com
Fri, 5 Apr 2002 18:18:17 -0500

Hi all,
	The answer was given for this problem of stderr all over the
screen - no I am not using this as a workstation 8^/

Use dmesg -n1 to disable the spew.


-----Original Message-----
From: Gar Nelson [mailto:gar.nelson@noaa.gov]
Sent: Friday, April 05, 2002 6:09 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] STDERR messages (fwd)

I guess I'm guilty of trimming my messages too much. <s>

Tom Eastep wrote:
> On Fri, 5 Apr 2002, Gar Nelson wrote:
> > Tom Eastep wrote:
> > >
> > > What I was suggesting is that you:
> > >
> > >         /etc/init.d/shorewall start > /tmp/shorewall.log 2>&1
> > >
> > > or something similar.
> >
> > Not to be a twit or anything, but....
> >
> > /etc/rc3.d/S25shorewall is a link to /etc/rc.d/init.d/shorewall
> >
> > Redhat fires up and looks for its run level, 3 in my case, then geos
> > rc3.d and executes all the scripts that start with a capital S.
> > causes shorewall to run, but it does so without a command tail of
> > "start" or anything else, right? The actual "shorewall start" is
> > in the shorewall script in /etc/rc.d/init.d
> SysVInit is smart enough to append "start" when it wants to start a
> service.
> > Now I can understand if I change the file in rc3.d to K25shorewall,
> > then edit /etc/rc.d/rc.local to run /etc/rc3.d/init.d/shorewall
start >
> > /tmp/shorewall.log 2>&1
> > I can see that would work, but it would also cause shorewall to be
> > of the last processes brought up. Isn't that a bad thing?
> >
> > I'm not trying to be dense. I'm sending off most of my paycheck to
> > O'Reilly to populate my book shelf, and subscribing to SysAdmin,
> > Journal, and Linux Magazine. I'm working on my "Networking 101" self
> > study program, but realistically I'm not at the graduate level yet.
> >
> > Anyway, thanks for your help and the fine program.
> Please remind us again -- what problem are you trying to solve here?

Another guy brought up that he was getting STDERR messages all over his
terminal screen when running shorewall. I'm guessing that he is also
using his box as a workstation? I can see how that would be a bit

In my case, the shorewall system is dedicated, but it normally doesn't
have a screen attached to it. (kvm switch shared with a bunch of other
servers). 99.9% of the time, no one will see the shorewall screen here.
The error messages don't bother me in a using the machine sense, but
maybe there is something there I should see.=20

So the question is, redirecting that STDERR to a file, and still
starting up shorewall automatically at boot.

/etc/init.d/shorewall start > /var/log/shorewall.log 2>&1  will work if
you disable the regular sysVinit call via symbolic link in /etc/rc3.d or
/etc/rc5.d and instead place the call in /etc/rc.d/rc.local  That
accomplishes the mission, getting shorewall to start automatically, with
STDERR redirected, but it also starts shorewall last.

One of the benifits of Tom's shorewall is that you can start it before
the network comes up, however, using rc.local removes that possibility.=20

If you're using the symbolic link in /etc/rc3.d or /etc/rc5.d, then
sysVinit supplies the "start". So how do you supply the rest of the
tail? "> /var/log/shorewall.log 2>&1" Is it possible?