ipmon writes to security.* in 5.3
Joe Kraft
hishadow at netcabo.pt
Sun Jan 30 07:18:28 PST 2005
Joe Kraft wrote:
> I have a 5.3-STABLE machine with ipfilter built into the kernel. When
> running ipmon logging to syslog, the information is being dumped to the
> security.* service instead of the local0.* service like the handbook
> says it should.
>
OK I'm feeling a stupid, only a little though...because the info in the
handbook doesn't match the reality (given in the manpage) WRT the
"facility" name used by ipmon.
The handbook
(http://www4.pt.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html)
says:
24.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It uses
special groupings called ``facility'' and ``level''. IPMON in -Ds mode
uses local0 as the ``facility'' name. All IPMON logged data goes to
local0. The following levels can be used to further segregate the logged
data if desired:
The ipmon(8) manpage says:
-s Packet information read in will be sent through syslogd rather
than saved to a file. The default facility when compiled and
installed is security. The following levels are used:
-------------------------
So now I have two more questions.
First, what is the best way to go about getting this fixed so noone else
makes the same mistake I did? A simple post somewhere explaining what's
incorrect, or do I need to create a diff and upload it somewhere?
Second, what else uses the security syslog facility? Is my security log
going to have other things than just my firewall logs that I will now
have to go digging for?
Thanks,
Joe.
More information about the freebsd-questions
mailing list