v7-rc1
Using vmplayer I installed the rc1 twice and it has this message on the server itself:
This is comes up after installing it and after that, it says before the server login. However it doesn’t seems to affect the server and the NS website.
An iptables kernel module?
kernel message but don’t know which module 
From /var/log/messages (filtered by kernel):
Oct 20 14:40:06 localhost kernel: xt_time: kernel timezone is -0000
Oct 20 14:40:06 localhost kernel: log: failed to register logger
Oct 20 14:40:06 localhost kernel: xt_NFLOG: Unknown symbol nfulnl_log_packet (err 0)
Oct 20 14:40:07 localhost kernel: Bridge firewalling registered
Oct 20 14:40:07 localhost shorewall: Compiling Kernel Route Filtering…
Oct 20 14:40:07 localhost kernel: log: failed to register logger
Oct 20 14:40:07 localhost kernel: xt_NFLOG: Unknown symbol nfulnl_log_packet (err 0)
I think we’re encountering this issue:
http://shorewall-users.narkive.com/qSG43gbi/kernel-ipt-ulog-ulog-fail-to-register-logger
Recap: it’s a harmless message.
I’m using a capabilities file on one system, I’ve seen no issues.
If you want to try, run:
shorewall show -f capabilities > /etc/shorewall/capabilities
3 Likes
so far no more messages at the console after creating a capabilities file as instructed 
Now the log reports:
Oct 20 23:22:28 ns kernel: log: failed to register logger
Oct 20 23:22:28 ns kernel: xt_NFLOG: Unknown symbol nfulnl_log_packet (err 0)
Oct 20 23:22:33 ns kernel: xt_CT: No such helper “ftp-0”
Oct 20 23:22:33 ns kernel: xt_CT: No such helper “irc-0”
Oct 20 23:22:33 ns kernel: xt_CT: No such helper “sane-0”
Oct 20 23:22:33 ns kernel: xt_CT: No such helper “sip-0”
Oct 20 23:22:33 ns kernel: xt_CT: No such helper “tftp-0”
Oct 20 23:22:33 ns kernel: log: failed to register logger
Oct 20 23:22:33 ns kernel: xt_NFLOG: Unknown symbol nfulnl_log_packet (err 0)
explained by shorewall manual:
When configuring your firewall on systems running kernel 3.5 or later, it is recommended that you:
- Set AUTOHELPERS=No.
- Modify the HELPERS setting (see below) to list the helpers that you need.
(…)
such probing generates messages on the system log of the form “xt_CT: No such helper XXX” where XXX is the helper name.
(…)
When HELPERS is specified on a system running Kernel 3.5.0 or later, automatic association of helpers to connections is disabled.
2 Likes
When I run the above command I get this error:
root@server ~]# shorewall show -f capabilities > /etc/shorewall/capabilities
ERROR: LOGFILE (/var/log/firewall.log) does not exist or is not readable!
[root@server ~]#
I don’t have a /var/log/firewall.log file and my capabilities is an empty file. I still get the message “failed to register the logger” on the console when I boot the server.
firewall.log will be created when the first packet gets dropped/rejected.
The capabilities file is empty by default, that mean “auto-detect at every startup”.
I also see this directly after an unattended install on VBox using the RC1 ISO image.
What can be changed to avoid these messages after install?
Maybe it is harmless, but I just think it looks sloppy and potential users might have doubts on using NethServer because of this. At least, if I didn’t know the product, I would think twice to use it if I was slapped with error messages right after a clean install.
5 Likes
root@server ~]# shorewall show -f capabilities > /etc/shorewall/capabilities
ERROR: LOGFILE (/var/log/firewall.log) does not exist or is not readable!
[root@server ~]#
Same with me.
I recreated firewall.log file and now command “shorewall show -f capabilities” and “failed to register the logger” resolved.
[root@server ~]# touch /var/log/firewall.log
1 Like
The error seems to be tied to the presence of /etc/shorewall/modules file, regardless of its content.
Additional info from the shorewall manual:
Same behaviour on a clean NS7 RC3
1 Like
I have the same messages on three machines, all running with NS7 RC3.
Two boxes have the same equipment, motherboard, RAM, hard drives, etc.
greetings
Gerald
The message is harmless:
http://shorewall-users.narkive.com/qSG43gbi/kernel-ipt-ulog-ulog-fail-to-register-logger
It can be avoided only using the capabilities files.
Feel free to create it after the installation.
Thanks for the info and explanation @giacomo
But unsightly, if you turn on the monitor and then the half monitor with this “annoying” message is full.
Makes a bad picture for a user.
greetings
Gerald
1 Like
This works fine for me. No more “failed to register to logger”.
Maybe a stupid question: isn’t it possible to fire this command during installation, so this messages doesn’t appear at all?
Capabilities could change after a kernel upgrade or installation of some iptables modules: we could cover these two cases, but I’m not sure we will miss other cases.
We could ship a capabilities file in our firewall package and update it when we discover that it needs to be updated.
But how can we?
We may try to ask in the shorewall mailing list.
Probably overkill, but (maybe) re-create the capabilities file as the first step of (re-)starting the firewall.
Cheers.
1 Like
It doesn’t resolve the issue: the command “capabilities” is the one which actually does the output.
I know the message is very ugly, but there is no real fix we can do without possible drawbacks on the functional side.
I don’t want to be rude, but the message will remain unless upstream will fix it.
2 Likes