[Shorewall-users] STDERR messages

Pascal DeMilly list.shorewall@newgenesys.com
05 Apr 2002 21:47:06 -0800


Or you could add: exec 2>/var/log/shorewall.log at the beginning of the
shorewall script

Pascal

On Fri, 2002-04-05 at 13:58, Tom Eastep wrote:
> On Fri, 5 Apr 2002, Gar Nelson wrote:
> 
> > I already deleted the earlier message, but it got me thinking anyway.
> > The question was about all the iptables messaages that get output to the
> > main console terminal. Tom said something like 'just redirect STDERR'.
> >
> > Okay. Looking at Marcel Gagne's Linux Sys Admin book, he talks about
> > STDERR on page 54 with the illustration;
> >
> > 	command-name 2>&1 > logfile.out
> >
> > Next I looked at /etc/rc/d/init.d/shorewall and found
> >
> > ################################################################################
> > # Run iptables and if an error occurs, stop the firewall and
> > quit              #
> > ################################################################################
> > run_iptables() {
> >     if ! iptables `echo $@ | sed 's/!/! /g'`; then
> >         [ -z "$stopping" ] && { stop_firewall; exit 2; }
> >     fi
> > }
> >
> > And I found lots of stuff that refered back to run_iptables(), but I
> > don't quite see how to apply "iptables 2>&1 > /var/log/iptables.log" to
> > that mess up there.
> >
> > And though Mastering Regular Expressions by Jeff Friedl, O'Reilly, Jan
> > 97 is on my Amazon wishlist, I haven't picked it up yet. Perhaps my
> > assumption is incorrect that that procedure would look legible if I had
> > a better handle on regular expressions?
> >
> > For me, its not a big deal to have all that STDERR stuff go out to the
> > screen, since the box is in an equipment room, normally without a screen
> > attached. It would be better though to have enough understanding of how
> > shorewall is operating with iptables to apply Tom's comment to the box.
> > I'm working on getting there, but I'm not there yet.
> >
> > Oh, and I wrote this without reading through the FAQ again, but I'll
> > head off there next.
> 
> What I was suggesting is that you:
> 
> 	/etc/init.d/shorewall start > /tmp/shorewall.log 2>&1
> 
> or something similar.
> 
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net
> 
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users