mails every 15 minutes because std err in crontab

Started by Kayakero, Today at 01:27:01 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
Today at 01:27:01 PM
this seems like a stupid thing but i can't nobody else is suffering it so i can't believe is not fixed.

I'm using latest OPNsense 25.7.7_4-amd64
I have this in crontab


Code Select
root@OPNsense-VPN:/etc # crontab -l
# or /usr/local/etc/cron.d and follow the same format as
# /etc/crontab, see the crontab(5) manual page.
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
REQUESTS_CA_BUNDLE=/usr/local/etc/ssl/cert.pem
#minute hour    mday    month   wday    command
1       *       *       *       *       (/usr/local/sbin/configctl -d syslog archive) > /dev/null
*/4     *       *       *       *       (/usr/local/sbin/ping_hosts.sh) > /dev/null
0       22      *       *       *       (/usr/local/sbin/configctl -d firmware changelog cron) > /dev/null
0,15,30,45      *       *       *       *       (/sbin/pfctl -t 'virusprot' -T expire '3600') > /dev/null
0,15,30,45      *       *       *       *       (/sbin/pfctl -t 'sshlockout' -T expire '3600') > /dev/null
*       *       *       *       *       (/usr/local/bin/flock -n -E 0 -o /tmp/updaterrd.lock /usr/local/opnsense/scripts/health/updaterrd.php) > /dev/null
1       3       1       *       *       (/usr/local/sbin/configctl -d filter schedule bogons) > /dev/null
*       *       *       *       *       (/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py --quick) > /dev/null


If i run the /sbin/pfctl the redirection of stdout in not enough because you get "0/0 addresses expired." in stderr

Code Select
root@OPNsense-VPN:/etc # (/sbin/pfctl -t 'virusprot' -T expire '3600') > /dev/null
0/0 addresses expired.

because of this i'm getting mails every 15 minutes ( output in crontab )

i've fixed adding 2>&1 but it was lost after because an update I think.


anyway this seems like a pretty stupid thing or I am missing something and I'm the stupid one?

thanks.

Today at 01:31:34 PM #1
Can you try pfctl -q ? it's a bit of a bold decision to add diagnostic values to utility's stderr output.


Cheers,
Franco
Today at 01:44:53 PM #2

ok, that's better. no output and it won't prevent real errors popping out in the future

Code Select
( /sbin/pfctl -q -t 'sshlockout' -T expire '3600' )
but the real question is, nobody else is suffering this ?
I don't have customized anything, those 2 crontab came like that in the standard installation I suppose.

I'm afraid i will lose that fix after an update or something.
Today at 01:47:48 PM #3
For everyone else. Works on my end as well:

# opnsense-patch https://github.com/opnsense/core/commit/30987d973ad

> but the real question is, nobody else is suffering this ?

I think most don't subscribe to system mail and or do not forward it.

The regression is relatively recent though since we used to use expiretable for that purpose, not pfctl:

> community/25.7/25.7:o firewall: removed the expiretable binary use in favour of the builtin pfctl


Cheers,
Franco
Today at 02:23:30 PM #4
that makes sense ... I actually just noticed when kept getting "You have new mail" in the console while I was debugging something else ... Probably won't even notice it it weren't for that ...
Today at 03:57:14 PM #5
Yep, thanks a lot for the report! :)


Cheers,
Franco
Print
Go Up Pages1
User actions