
ipfilter (ipf) not logging when started by ipfboot

 
Brian McEntire
Frequent Advisor


I installed the ipfilter depot from HP today on a recently upgraded HP-UX 11i server. I also installed Bastille (but didn't lock much down). After installing ipf, I ran Bastille and configured it to include the default ipf rules.

/sbin/init.d/ipfboot looks good and ipf does successfully start (and works) after booting.

But, ipmon does not start at boot time. I want it to. And it looks like it should:

[newkf_root]$pwd
/etc/rc.config.d
[newkf_root]$grep IPMON *
ipfconf:IPMON_START=1
ipfconf:IPMON_FLAGS=-sD

But ps -ef|grep ipmon does not show it running after boot.

I can manually start ipmon and it works -- logs to stdout or to syslog if I start with -s.

Can anyone think of why it won't start at boot time? The ipfboot script that came with the depot looks reasonable.

Help greatly appreciated!
Steven E. Protter
Exalted Contributor

Re: ipfilter (ipf) not logging when started by ipfboot

I believe there should be a message in /etc/rc.log as to what is going on.

A boot start leaves you as the programmer/admin responsible for any kind of environment the startup script needs. In /etc/rc.log there is probably a message complaining about a missing environment variable.

As a diagnostic, you can add a line to the startup script.

env > /tmp/ipfilter.env.text

This you can compare to the environment when you start it as root and you'll be able to solve this problem.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Brian McEntire
Frequent Advisor

Re: ipfilter (ipf) not logging when started by ipfboot

I should clarify --

ipmon -s
works when I start ipmon manually

But it never starts from ipfboot, whether I run that with "start" or whether it is run at boot time.
Brian McEntire
Frequent Advisor

Re: ipfilter (ipf) not logging when started by ipfboot

Also, this is the only IPF related output in the /etc/rc.log file:

Starting IPFilter
Output from "/sbin/rc2.d/S131ipfboot start":
----------------------------
Set 0 now inactive
0 entries flushed from NAT table
0 entries flushed from NAT list


- - -

Ahhhh... I think I have the answer to my own question.

I looked in /sbin/rc2.d --

[newkf_root]$ls -l *syslogd
lrwxr-xr-x 1 root sys 20 Apr 14 2000 S220syslogd -> /sbin/init.d/syslogd

[newkf_root]$ls -l *ipfboot
lrwxr-xr-x 1 root sys 20 Aug 8 14:26 S131ipfboot -> /sbin/init.d/ipfboot

** Maybe my system is unique (it is an upgrade to HP-UX 11i and not a cold install). I found that ipfboot was starting before syslogd. Since my IPMON_FLAGS were set to log to syslogd, ipmon must have silently failed when syslogd wasn't available.

The fix was simple: I renamed S131ipfboot to S231ipfboot so it starts very soon after syslogd.

I did a reboot to test and it verified. ipmon now starts at boot and logs to syslog.

Hope this helps someone else out there! If my system is not unique, perhaps the maintainer of the HP IPF depot can change the boot/start link to be a little later in runlevel 2.
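
Added example, not part of the original posts: a small shell check for the start-order problem described above, confirming that one rc start link sorts after another in a sequence directory. The helper names rc_link and starts_after are hypothetical, the demo directory is a constructed stand-in for /sbin/rc2.d, and the script assumes rc runs S* links in C-locale lexical order of their names.

```shell
#!/bin/sh
# Added example (not from the thread): check rc start-link ordering.
# Assumption: rc runs the S* links of a sequence directory in C-locale
# lexical order of their names, as with /sbin/rc2.d in the post above.

# rc_link DIR NAME: print the start link "S<digits>NAME" found in DIR.
rc_link() {
    for path in "$1"/S[0-9]*"$2"; do
        base=${path##*/}
        seq=${base#S}
        seq=${seq%"$2"}
        case $seq in
            ''|*[!0-9]*) continue ;;   # unmatched glob or another service
        esac
        printf '%s\n' "$base"
        return 0
    done
    return 1
}

# starts_after DIR LATER EARLIER
# Returns 0 if LATER's start link sorts after EARLIER's, 1 if it does not,
# and 2 if either service has no start link in DIR.
starts_after() {
    later=$(rc_link "$1" "$2") || return 2
    earlier=$(rc_link "$1" "$3") || return 2
    first=$(printf '%s\n%s\n' "$later" "$earlier" | LC_ALL=C sort | head -n 1)
    [ "$first" = "$earlier" ]
}

# Demo on a constructed directory using the link names quoted in the post.
demo() {
    d=$(mktemp -d)
    : > "$d/S220syslogd"
    : > "$d/S131ipfboot"
    if starts_after "$d" ipfboot syslogd; then
        echo "S131: ipfboot starts after syslogd"
    else
        echo "S131: ipfboot starts before syslogd"
    fi
    mv "$d/S131ipfboot" "$d/S231ipfboot"   # the rename described in the post
    if starts_after "$d" ipfboot syslogd; then
        echo "S231: ipfboot starts after syslogd"
    fi
    rm -rf "$d"
}
demo
```

On a real system the directory argument would be /sbin/rc2.d, for example: starts_after /sbin/rc2.d ipfboot syslogd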
Brian McEntire
Frequent Advisor

Re: ipfilter (ipf) not logging when started by ipfboot

Cancel that... ipmon -sD is now running (automatically) after boot. But it still logs nothing via syslog.

In my /etc/syslog.conf file I have both
*.info /var/adm/syslog/syslog.log

and

local0.info /var/adm/fw.log

and I touched fw.log

and hup'd syslog


... ipmon will dump packets to stdout if started with no parameters, but I can't get it to log via syslog and I'd really like to get that working so I can log to a log host already used by other hosts.

Ideas?