Hi all,
Please, need help there ...
Ubuntu 8.04 server running Webmin 1.450 (french version)
I had the bad idea to launch the bandwidth monitor module ... which overdrives /var/log/syslog with its messages
The very bad thing is that I have no button to stop it in Webmin ...
I have tried to install the module, but entries for eth0 are still present in /var/log/syslog
Would you please help me to stop this bandwidth monitoring ?
I had a look in /etc/syslog.conf and found nothing different from other systems ...
For sure I can stop the klogd service but it isn't what I want : I just want to stop this bandwith monitor module ...
Thanks in advance fior your time.
Greetings from South Pacific !
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for your answer.
I don't use the firewall module but shorewall one (that I have configured manually : without webmin).
I have compared the shorewall files & conf with a normal Shorewall config installed on another server, I can't find any difference ...
I have found the turnoff.cgi file in the bandwidth.wbm install module, but I can't launch it manually (says : can't find bandwidth-lib.pl)
I think I need to find a way to call this script via a button on the module configuration page.
I'll post a bug report anyway as I think it it's not normal to waste so much time to stop this monitor ...
Any other ideas are welcome ...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
i don't understand since once bandwidth monitoring is installed then you get the option
'turn off monitoring'
Click this button to remove the firewall rules, syslog configuration and Cron job used for bandwidth monitoring. All existing collected data will remain untouched.
do you see the log rules when you use the webmin module for shorewall firewall ?
Did it detect shorewall as the active firewall when you enabled bandwidth monitoring ?
Are there by any chance both shorewall and iptables active ? check the later via iptables -l at command line or via webmin module.
i have switched bm on/off on sites quite regularly without issue (my only issue is the default location of the bandwidth files in /etc/webmin/bandwidth instead of /var/webmin/bandwidth)
d.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks once more for your answer !
Shorewall firewall is only an interface to configure iptables so they are both installed.
To answer your questions :
- No, I don't see any explicite log rule in shorewall config module.
- Yes Shorewall is well detected by the 'automatic detection'
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
OK with a :
sudo iptables -L
I can see the first lines :
Chain INPUT (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_IN:'
These are all the logging infos I get in syslog (BANDWIDTH_IN)
I need to find how to delete the entry (iptables are not my best knowledge, reason why I opted for Shorewall ;) )
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have tried to use 'Linux Firewall' module (I supposed it's the one you're talking about) but I'm told I'm using 'Shorewall firewall' so I can't see anything ...
I've gone for :
sudo iptables -L --line (this show the line numbers in chains)
then I delete the unwanted line (1st one in INPUT chain)
sudo iptables -D INPUT 1
This as stopped the garbage in /var/log/syslog (at least for INPUT logs, I'll check later if other unwanted lines appear).
Thanks a lot for your time !
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
OK, just to finish this topic :
I know that it was somewhere in the Shorewall config files that these logging lines where written to syslog (when I restarted Shorewall, logs appeared again)
I haven't been able to find where ...
I had to stop Shorewall, remove & purge Shorewall, re-install & reconfigure it.
I don't like to say hard words, but I have never had any troubles with servers without webmin, I've been asked to install it to allow access to a GUI user and I have experienced bad things ...
My 2 cents ...
Thanks once more delleray for your quick & efficient help !
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Well, I have succeed to display the 'stop' button by editing /usr/share/webmin/bandwidth/index.cgi file.
Near the end is a code :
if ($access{'setup'}) {
# Show button to turn off reporting
print &ui_buttons_row("turnoff.cgi", $text{'index_turnoff'},
$text{'index_turnoffdesc'});
}
I have copied this section at the end of the file:
print &ui_buttons_row("turnoff.cgi", $text{'index_turnoff'},
$text{'index_turnoffdesc'});
The bad thing is that it doesn't stop these heavy logging at all ...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
you are bypassing the security acl for the module (which stops the button being displayed if you are not allowed to).
enabling the button doesn't enable the code that setups/removes monitoring as that will have another check for the security acl to stop url injection of the stop cgi.
check your user settings for the bandwidth module.
and again i respectively suggest you check that the rules are not in another firewall.
d.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi all,
Please, need help there ...
Ubuntu 8.04 server running Webmin 1.450 (french version)
I had the bad idea to launch the bandwidth monitor module ... which overdrives /var/log/syslog with its messages
The very bad thing is that I have no button to stop it in Webmin ...
I have tried to install the module, but entries for eth0 are still present in /var/log/syslog
Would you please help me to stop this bandwidth monitoring ?
I had a look in /etc/syslog.conf and found nothing different from other systems ...
For sure I can stop the klogd service but it isn't what I want : I just want to stop this bandwith monitor module ...
Thanks in advance fior your time.
Greetings from South Pacific !
Electro,
Use the firewall module and remove the lines which log incoming and outgoing packets and then apply configuration.
The bandwidth monitoring (usually) has an option to do that for you.
d.
Thanks for your answer.
I don't use the firewall module but shorewall one (that I have configured manually : without webmin).
I have compared the shorewall files & conf with a normal Shorewall config installed on another server, I can't find any difference ...
I have found the turnoff.cgi file in the bandwidth.wbm install module, but I can't launch it manually (says : can't find bandwidth-lib.pl)
I think I need to find a way to call this script via a button on the module configuration page.
I'll post a bug report anyway as I think it it's not normal to waste so much time to stop this monitor ...
Any other ideas are welcome ...
i don't understand since once bandwidth monitoring is installed then you get the option
'turn off monitoring'
Click this button to remove the firewall rules, syslog configuration and Cron job used for bandwidth monitoring. All existing collected data will remain untouched.
do you see the log rules when you use the webmin module for shorewall firewall ?
Did it detect shorewall as the active firewall when you enabled bandwidth monitoring ?
Are there by any chance both shorewall and iptables active ? check the later via iptables -l at command line or via webmin module.
i have switched bm on/off on sites quite regularly without issue (my only issue is the default location of the bandwidth files in /etc/webmin/bandwidth instead of /var/webmin/bandwidth)
d.
Thanks once more for your answer !
Shorewall firewall is only an interface to configure iptables so they are both installed.
To answer your questions :
- No, I don't see any explicite log rule in shorewall config module.
- Yes Shorewall is well detected by the 'automatic detection'
well if there is NO firewall log rule how is syslog being updated by the packet logging ?
you can use the iptables firewall webmin module to 'look' at any iptable rule set...
d.
OK with a :
sudo iptables -L
I can see the first lines :
Chain INPUT (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_IN:'
These are all the logging infos I get in syslog (BANDWIDTH_IN)
I need to find how to delete the entry (iptables are not my best knowledge, reason why I opted for Shorewall ;) )
please just TRY using the webmin iptables firewall module
and you will find it's easy to remove that line..
(and the others that may be in OUTPUT)
d.
I have tried to use 'Linux Firewall' module (I supposed it's the one you're talking about) but I'm told I'm using 'Shorewall firewall' so I can't see anything ...
I've gone for :
sudo iptables -L --line (this show the line numbers in chains)
then I delete the unwanted line (1st one in INPUT chain)
sudo iptables -D INPUT 1
This as stopped the garbage in /var/log/syslog (at least for INPUT logs, I'll check later if other unwanted lines appear).
Thanks a lot for your time !
OK, just to finish this topic :
I know that it was somewhere in the Shorewall config files that these logging lines where written to syslog (when I restarted Shorewall, logs appeared again)
I haven't been able to find where ...
I had to stop Shorewall, remove & purge Shorewall, re-install & reconfigure it.
I don't like to say hard words, but I have never had any troubles with servers without webmin, I've been asked to install it to allow access to a GUI user and I have experienced bad things ...
My 2 cents ...
Thanks once more delleray for your quick & efficient help !
Well, I have succeed to display the 'stop' button by editing /usr/share/webmin/bandwidth/index.cgi file.
Near the end is a code :
if ($access{'setup'}) {
# Show button to turn off reporting
print &ui_buttons_row("turnoff.cgi", $text{'index_turnoff'},
$text{'index_turnoffdesc'});
}
I have copied this section at the end of the file:
print &ui_buttons_row("turnoff.cgi", $text{'index_turnoff'},
$text{'index_turnoffdesc'});
The bad thing is that it doesn't stop these heavy logging at all ...
you are bypassing the security acl for the module (which stops the button being displayed if you are not allowed to).
enabling the button doesn't enable the code that setups/removes monitoring as that will have another check for the security acl to stop url injection of the stop cgi.
check your user settings for the bandwidth module.
and again i respectively suggest you check that the rules are not in another firewall.
d.