ipmon writes to security.* in 5.3

Joe Kraft hishadow at netcabo.pt
Sun Jan 30 07:18:28 PST 2005

Joe Kraft wrote:
> I have a 5.3-STABLE machine with ipfilter built into the kernel.  When 
> running ipmon logging to syslog, the information is being dumped to the 
> security.* service instead of the local0.* service like the handbook 
> says it should.

OK I'm feeling a stupid, only a little though...because the info in the 
handbook doesn't match the reality (given in the manpage) WRT the 
"facility" name used by ipmon.

The handbook 
24.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It uses 
special groupings called ``facility'' and ``level''. IPMON in -Ds mode 
uses local0 as the ``facility'' name. All IPMON logged data goes to 
local0. The following levels can be used to further segregate the logged 
data if desired:

The ipmon(8) manpage says:
-s     Packet  information  read in will be sent through syslogd rather 
than saved to a file.  The default facility  when  compiled  and 
installed is security.  The following levels are used:

So now I have two more questions.

First, what is the best way to go about getting this fixed so noone else 
makes the same mistake I did?  A simple post somewhere explaining what's 
incorrect, or do I need to create a diff and upload it somewhere?

Second, what else uses the security syslog facility?  Is my security log 
going to have other things than just my firewall logs that I will now 
have to go digging for?


More information about the freebsd-questions mailing list