Date: Tue, 13 May 2014 15:18:28 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: "Ronald F. Guilmette" <rfg@tristatelogic.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: Where do the boot time messages go? Message-ID: <20140513140531.D11699@sola.nimnet.asn.au> In-Reply-To: <7346.1399927272@server1.tristatelogic.com> References: <7346.1399927272@server1.tristatelogic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 12 May 2014 13:41:12 -0700, Ronald F. Guilmette wrote: > In message <20140512152327.A11699@sola.nimnet.asn.au>, > Ian Smith <smithi@nimnet.asn.au> wrote: > > >... and scrolling back > >the VT0 root console should reveal it/them. > > Thank you! > > I'm a bit ashamed to admit it, but I never even know about this console > feature until today. It has already proved quite helpful to me in another > context, and I will most certainly be using it soon to try to see if in > fact I'm getting any boot-time errors from my ipfw setup. > > > > While unlikely, have a look at /var/run/dmesg.boot. > > > >Worth a try. > > Nope. The boot-time ipfw messages are not in there either. No, they're not saved anywhere. If there was indeed an error message from ipfw then I thought it might have gone there, but I'm not sure. > >security.* /var/log/security > > Yes, quite. I do have that. > > But as I mentioned earlier, the boot-time messages relating to ipfw > startup don't seem to be present within the /var/log/security file, > and as someone else has mentioned, there's no reason that they should > be. When my rules file is being processed, ipfw is most likely > (verbosely) showing each of those in turn, but just to either stdout > or stderr... and not syslogging them. Yes; they do go to stdout (unless using -q) but that has nothing to do with verbose logging being set - as Bill pointed out, that's only to do with kernel mode syslogging of matching rules having the 'log' keyword. root@x200:~ # kldload ipfw && ipfw add 64000 allow ip from any to any 64000 allow ip from any to any root@x200:~ # ipfw add 65000 allow ip from any to any > test root@x200:~ # cat test 65000 allow ip from any to any And ipfw error messages do go to stderr, as is customary: root@x200:~ # ipfw add 65001 invalid >test ipfw: invalid action invalid root@x200:~ # cat test && rm test && kldunload ipfw root@x200:~ # Of course you don't have to wait to reboot to run your rules file again; as long as it begins with an 'ipfw -q flush' to clear existing rules, as it ought, just run '# sh /pathto/yourrulesfile' .. and you can redirect that output to a file if you want, though 'ipfw show' is usually more useful. As ever, the best advice is ipfw(8) cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140513140531.D11699>