firewall messages to syslogd

Daniel Molina Wegener dmw at unete.cl
Sun Oct 30 12:28:40 PST 2005


   On Sun, Oct 30, 2005 at 09:22:39AM -0600,
   Eric F Crist wrote:

> On Oct 29, 2005, at 10:32 PM, Daniel Molina Wegener wrote:
> 
> >
> >Hello,
> >
> >   How can I add firewall log messages to syslogd? I have
> >added the following lines to the syslog.conf:
> >
> ># router
> >+router
> >*.*                     /var/log/router.log
> >
> >   Also, syslogd is running with the flag -a with the ip
> >address of the firewall -- the mask, and service.
> >
> >   The computer receives the packets to the 514 port --
> >I've used tcpdump to log the packets -- but the messages
> >are not logged into the router.log file.
>
>
> Try the following in your /etc/syslog.conf file, assuming you're  
> using ipfw as your firewall:

  No, the problem was while I was trying to retrieve syslog messages
from a firewall.

> #ipfw logging
> !ipfw
> *.*        /var/log/router.log

  That's OK, and works well, the problem was with an external
firewall/router sending messages to syslogd, port 514. This needs
the use of +host_name to log messages from the host_name machine.

  Well, now it works...

> Now, perform the following command, assuming you're running FreeBSD 5.x+:
>
> # touch /var/log/router.log && chmod 0600 /var/log/router.log && /etc/rc.d/syslogd restart
>
> Let me know what happens....

  Now syslogd is receiving messages from the firewall :)

  Thanks...

> -----
> Eric F Crist
> Secure Computing Networks
> http://www.secure-computing.net
> 
> [SNIP]

Regards
-- 
 . 0 . | Daniel Molina Wegener
 . . 0 | dmw at unete dot cl
 0 0 0 | FreeBSD Power User
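
The `+host` and `!program` blocks discussed in this thread, as an added example that is not part of the original messages and is not syslogd's own code: a simplified model of how syslog.conf block lines decide which rules apply to a message. The sender names, the program tag `fw` and every path other than `/var/log/router.log` are constructed, and the model assumes one `facility.level` selector per rule.

```python
# Simplified model of syslog.conf(5) block selection; not syslogd's own code.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample configuration (paths other than router.log are made up).
SAMPLE_CONF = """\
*.notice\t/var/log/messages
!ipfw
*.*\t/var/log/ipfw.log
!*
+router
*.*\t/var/log/router.log
+*
auth.*\t/var/log/auth.log
"""

def parse(conf):
    """Return (host_spec, prog_spec, selector, action) for every rule line."""
    host, prog, rules = "*", "*", []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] in "+-":        # host block; "+*" lifts the restriction
            host = "*" if line[1:] == "*" else line
        elif line[0] == "!":       # program block; "!*" lifts the restriction
            prog = line[1:]
        else:
            selector, action = line.split(None, 1)
            rules.append((host, prog, selector, action))
    return rules

def host_ok(spec, sender):
    if spec == "*":
        return True
    hit = sender.lower() in spec[1:].lower().split(",")
    return hit if spec[0] == "+" else not hit

def selector_ok(selector, facility, level):
    fac, lvl = selector.split(".", 1)
    if fac not in ("*", facility):
        return False
    return lvl == "*" or LEVELS.index(level) >= LEVELS.index(lvl)

def destinations(rules, sender, program, facility, level):
    """Files that a message with these attributes would be written to."""
    return [action for host, prog, selector, action in rules
            if host_ok(host, sender)
            and (prog == "*" or program in prog.split(","))
            and selector_ok(selector, facility, level)]

RULES = parse(SAMPLE_CONF)
```

A message whose sender name is not `router` (for example one identified only by an address) matches no rule in the `+router` block, and the `!ipfw` block only matches messages tagged with the program name `ipfw`.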