ipmon syslog facility in FreeBSD 6.0
Toomas Aas
toomas.aas at raad.tartu.ee
Thu Dec 8 02:13:01 PST 2005
Hello!
What syslog facility is ipmon using on FreeBSD 6.0? From the
documentation I don't see that anything is supposed to be changed from
5.4, where it was 'security'. So on my freshly-installed FreeBSD 6.0 I
made modifications to /etc/syslog.conf similar to those that work on
5.4. Basically I added this as the first uncommented line to
/etc/syslog.conf
security.* /var/log/ipfilter
However, nothing is logged to /var/log/ipfilter. I'm using the default
value for ipmon_flags in /etc/rc.conf and ps output shows that
'/sbin/ipmon -Ds' is running. At the same time, ipfstat -ih shows
increasing number of hits on rules which have 'log' keyword in them. The
logfile /var/log/ipfilter exists and is mode 0600, owner root:wheel.
When I enable all.log in syslog.conf, ipmon messages are logged to
all.log. So it seems like I'm not using the correct facility for
/var/log/ipfilter. How can I find out what the correct facility is? I
tried reading the source, but it's beyond my comprehension (except
contrib/ipfilter/Makefile, which seems to imply that it's still 'security').
More information about the freebsd-questions
mailing list