IPFilter section in Handbook needs updating
Chris
eagletree at hughes.net
Fri Dec 5 08:07:37 PST 2008
On Dec 5, 2008, at 7:07 AM, Dean Weimer wrote:
> I was just setting up ipfilter and ipmon on a FreeBSD 7 server, and
> noticed that the ipmon and syslog information under the ipfilter
> section of the handbook is incorrect.
>
A couple of years back, I submitted a one liner to some email
address of a documentation maintainer. I just looked on the
site and couldn't find this address. Instead, if you have
a change, it suggested putting in a PR. It sounds like you
should create a diff of the current wording and your recommended
change.
Here is where I was looking:
http://www.freebsd.org/docproj/submitting.html
> The section reads:
> -----snip-----
> 31.5.7 IPMON Logging
> Syslogd uses its own special method for segregation of log data. It
> uses special groupings called "facility" and "level". IPMON in -Ds
> mode uses security as the "facility" name. All IPMON logged data
> goes to security. The following levels can be used to further
> segregate the logged data if desired:
> LOG_INFO - packets logged using the "log" keyword as the action
> rather than pass or block.
> LOG_NOTICE - packets logged which are also passed
> LOG_WARNING - packets logged which are also blocked
> LOG_ERR - packets which have been logged and which can be
> considered short
> To setup IPFILTER to log all data to /var/log/ipfilter.log, you
> will need to create the file. The following command will do that:
> # touch /var/log/ipfilter.log
> The syslog function is controlled by definition statements in the
> /etc/syslog.conf file. The syslog.conf file offers considerable
> flexibility in how syslog will deal with system messages issued by
> software applications like IPF.
> Add the following statement to /etc/syslog.conf:
> security.* /var/log/ipfilter.log
> The security.* means to write all the logged messages to the coded
> file location.
> To activate the changes to /etc/syslog.conf you can reboot or bump
> the syslog task into re-reading /etc/syslog.conf by running
> /etc/rc.d/syslogd reload
> Do not forget to change /etc/newsyslog.conf to rotate the new log
> you just created above.
> -----snip-----
>
> In trying to configure this I found that ipmon -Dsa doesn't log to
> security, but logs to local0 instead. Reading the man page for
> ipmon does in fact state this. However it also lists the -L option
> as being able to change this default behavior, I tried ipmon -DSa
> -L security, it accepts this, but doesn't actually change the
> logging to use security. It still only outputs to the syslog using
> local0, I also tried using ipmon -DSa -L local7 as well, still
> outputs to local0. It was easy enough to modify my syslog.conf to
> output the local0.* as well as security.* to the /var/log/security
> file. However it would be greatly appreciated if someone that
> actually understands what's going on here could get this info
> updated. It would have saved me some time, as well as I am sure
> some other people in the future. Of course it's always possible I
> am missing something simple here that is causing this discrepancy,
> please do inform me if I did. It's probably worth mentioning that
> I am starting ipmon using the rc.conf file with ipmon_enable="YES"
> and ipmon_flags="-DSa", just in case the /etc/rc.d/ipmon script
> actually changes the default behavior of ipmon in some way, though
> I didn't see anything in it that should. And ps wwaux | grep ipmon
> does display the process running with the flags exactly as stated
> on the ipmon_flags line of the /etc/rc.conf file.
>
> Thanks,
> Dean Weimer
> Network Administrator
> Orscheln Management Co
>
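Added example, not part of either message: a shell function that reads syslog.conf text and lists the rules that would receive a given facility, a quick way to see where ipmon's local0 output ends up compared with the handbook's security.* rule. The function and helper names (`syslog_routes`, `conf_handbook`, `conf_local0`) are hypothetical, the sample files are constructed, and `!program`/`+host` blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): show which syslog.conf actions receive
# messages for one facility, e.g. local0, which the thread reports ipmon uses.

# syslog_routes FACILITY -- reads syslog.conf text on stdin and prints
# "level<TAB>action" for every rule whose selectors include FACILITY.
syslog_routes() {
    awk -v want="$1" '
        /^[ \t]*(#|$)/ { next }   # comments and blank lines
        /^[!+-]/       { next }   # program/host block markers: not evaluated
        {
            action = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", action)   # drop the selector field
            n = split($1, sels, ";")
            level = ""
            for (i = 1; i <= n; i++) {
                dot = index(sels[i], ".")
                if (dot == 0) continue
                lvl = substr(sels[i], dot + 1)
                m = split(substr(sels[i], 1, dot - 1), facs, ",")
                for (j = 1; j <= m; j++)
                    if (facs[j] == want || facs[j] == "*")
                        # a later selector overrides an earlier one; "none" excludes
                        level = (lvl == "none") ? "" : lvl
            }
            if (level != "") printf "%s\t%s\n", level, action
        }'
}

# Constructed sample: the handbook rule quoted above plus a catch-all line.
conf_handbook() {
    printf '%s\n' \
        '# constructed sample, not a real host' \
        '*.notice;authpriv.none    /var/log/messages' \
        'security.*                /var/log/ipfilter.log'
}

# Constructed sample: the same file with local0 also sent to the ipfilter log.
conf_local0() {
    conf_handbook
    printf '%s\n' 'local0.*                  /var/log/ipfilter.log'
}

echo "handbook rule only:"; conf_handbook | syslog_routes local0
echo "with local0 added:";  conf_local0  | syslog_routes local0
```

On a live host, feed it the real file with `syslog_routes local0 < /etc/syslog.conf`.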