ipfilter question
Parv
parv at pair.com
Tue Dec 13 18:16:24 PST 2005
in message <20051213164227.0cb04489.europa100 at comcast.net>,
wrote Rob Lytle thusly...
>
>
>
> > > Here's my setup:
...
> > > in /etc/syslog.conf
> >
> > yes, there is no other security.* facility, actually I got it
> > working
Please keep the attribution & attribute the respective authors.
> I have the problem that ipmon logs to /var/log/messages and nothing
> goes to /var/log/ipf.log. Even after using the info in this thread.
> I am using local0 as was suggested for FreeBSD 6.0. Earlier I was
> using security.* which didn't work either. I suppose that at the
> least, I need to remove something from the /var/log/messages line.
>
...
> *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> local0.* /var/log/ipf.log
Like "authpriv.none" to stop auth messages going into
"/var/log/messages", you will need to add "local0.none" (or replace
"local0" w/ whatever actual facility is used) after "*.notice;".
According to ipmon(8) on 5.4, passed & logged packets are logged w/
level of 'notice'. So you should be seeing only the passed packets in
'/var/log/messages'. The rest of the messages will go wherever
(local0|security|*).(info|warn|err) messages go.
Or, you could ...
- give a file name to ipmon(8) to log messages in
- remove the "-s" option to not log via syslogd(8)
- put the <ipmon facility>.none in "/etc/syslog.conf" to avoid
other files receiving ipf messages.
- adjust /etc/newsyslog.conf to properly rotate the ipmon log
files.
Don't forget to read up on syslog.conf(5), newsyslog.conf(5),
and ipmon(8) in any case.
- Parv
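
Added example, not part of the original message: a simplified Python model of syslog.conf(5) selector evaluation, showing where a local0.notice message lands with the quoted lines, with "local0.none" added after "*.notice;", and with it placed before. It assumes ipmon logs at local0.notice and ignores comparison flags and program/host blocks; the names `destinations`, `BEFORE`, `AFTER` and `WRONG_ORDER` are made up for illustration.

```python
# Simplified model of syslog.conf(5) selectors (added example, not syslogd code).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "security"]
FACILITIES += [f"local{i}" for i in range(8)]


def parse_selectors(field):
    """Map facility -> least severe level logged (None = excluded).

    Selectors are applied left to right, so a later one overrides an
    earlier one for the same facility.
    """
    mask = {f: None for f in FACILITIES}
    for sel in field.split(";"):
        facs, level = sel.rsplit(".", 1)
        targets = FACILITIES if facs == "*" else facs.split(",")
        for fac in targets:
            if level == "none":
                mask[fac] = None
            else:
                mask[fac] = "debug" if level == "*" else level
    return mask


def destinations(rules, facility, level):
    """Files that receive a facility.level message under the given rules."""
    out = []
    for field, path in rules:
        wanted = parse_selectors(field)[facility]
        if wanted is not None and LEVELS.index(level) <= LEVELS.index(wanted):
            out.append(path)
    return out


# Selector fields built from the two lines quoted in the thread.
REST = "authpriv.none;kern.debug;lpr.info;mail.crit;news.err"
IPF = ("local0.*", "/var/log/ipf.log")
BEFORE = [("*.notice;" + REST, "/var/log/messages"), IPF]
AFTER = [("*.notice;local0.none;" + REST, "/var/log/messages"), IPF]
WRONG_ORDER = [("local0.none;*.notice;" + REST, "/var/log/messages"), IPF]

if __name__ == "__main__":
    for name, rules in [("before", BEFORE), ("after", AFTER),
                        ("wrong order", WRONG_ORDER)]:
        print(name, destinations(rules, "local0", "notice"))
```

The "wrong order" case shows why the exclusion has to follow "*.notice;": a later wildcard selector re-enables the facility for that file.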