IPMON log to syslog doesn't work

Anton Shterenlikht mexas at bristol.ac.uk
Tue Feb 26 15:03:27 UTC 2008


On Tue, Feb 26, 2008 at 03:42:51PM +0100, Mel wrote:
> On Tuesday 26 February 2008 15:25:37 Anton Shterenlikht wrote:
> > On Tue, Feb 26, 2008 at 03:09:14PM +0100, Mel wrote:
> > > On Tuesday 26 February 2008 14:20:32 Anton Shterenlikht wrote:
> > > > I'm trying to troubleshoot my ipfilter firewall, and I cannot get any
> > > > log data, i.e. /var/log/ipfilter.log is empty.
> > >
> > > Does:
> > > # logger -p security.notice test
> > > put anything in the log?
> >
> > yes:
> >
> > # logger -p security.notice test
> > # cat /var/log/ipfilter.log
> > Feb 26 00:00:00 mech-cluster238 newsyslog[21510]: logfile turned over
> > Feb 26 14:17:07 mech-cluster238 mexas: test
> > # cat /var/log/security
> > Jul 20 10:52:47  newsyslog[463]: logfile first created
> > Feb 26 14:17:07 mech-cluster238 mexas: test
> > #
> >
> > so what does this mean?
> 
> That syslog works correctly and it's really ipmon. Are you sure it's running? 
> How about ipmon -s (without the -D), does that turn up in syslog?

# ipmon -s&
[1] 23892
# ps ax | grep ipmon
23892  p0  S      0:00.11 ipmon -s
23908  p0  R+     0:00.00 grep ipmon
#

but the logs are still empty:

# cat /var/log/ipfilter.log
Feb 26 00:00:00 mech-cluster238 newsyslog[21510]: logfile turned over
Feb 26 14:17:07 mech-cluster238 mexas: test
# cat /var/log/security
Jul 20 10:52:47  newsyslog[463]: logfile first created
Feb 26 14:17:07 mech-cluster238 mexas: test
#

however:

# ipmon -D
26/02/2008 14:49:59.202056 3x dc0 @0:1 b 137.222.187.22,1004 -> 255.255.255.255,1004 PR udp len 20 67 IN broadcast
26/02/2008 14:50:13.064314 2x dc1 @0:1 b 10.10.10.7,520 -> 10.10.10.255,520 PR udp len 20 72 IN broadcast
^C
#

Perhaps I should play with other ipmon flags as well?

thanks
anton

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233 
Fax: +44 (0)117 929 4423
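
The `logger -p security.notice test` check in this thread shows which files one facility.level pair reaches. As an added example (not part of the original message), the Python helper below resolves the same question from the text of a syslog.conf, so any other facility can be checked the same way. The sample config, its `local0` line and the function names are constructed; the thread shows neither the poster's real syslog.conf nor the facility `ipmon -s` logs under.

```python
# Added example: resolve which files a syslog.conf routes a message to.
# CONSTRUCTED config; the poster's real syslog.conf is not shown in the thread.
SAMPLE_CONF = """\
security.*                      /var/log/security
security.*                      /var/log/ipfilter.log
local0.*                        /var/log/local0.log
!ppp
*.*                             /var/log/ppp.log
!*
*.notice;security.none          /var/log/messages
"""

# Most severe first. Aliases (error, warn, panic) and the < > ! flags are not handled.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, level):
    """Apply one 'fac[,fac].level' selector: True, False, or None if it does not apply."""
    facs, _, lvl = selector.rpartition(".")
    if facility not in facs.split(",") and "*" not in facs.split(","):
        return None
    if lvl == "none":
        return False
    if lvl == "*":
        return True
    if lvl.startswith("="):          # exact-level match only
        return lvl[1:] == level
    return LEVELS.index(level) <= LEVELS.index(lvl)   # that level or more severe

def destinations(conf, facility, level, program):
    """Return the log files that receive a facility.level message sent by program."""
    out, block = [], "*"
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):     # '!prog' limits the following lines; '!*' resets
            block = line[1:].strip()
            continue
        parts = line.split(None, 1)
        if len(parts) < 2 or (block != "*" and program not in block.split(",")):
            continue
        hit = False
        for sel in parts[0].split(";"):   # a later selector overrides an earlier one
            verdict = selector_matches(sel, facility, level)
            if verdict is not None:
                hit = verdict
        if hit and parts[1].startswith("/"):
            out.append(parts[1])
    return out
```

With the sample config, `destinations(SAMPLE_CONF, "security", "notice", "mexas")` returns the same two files the `logger` test wrote to above.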


More information about the freebsd-questions mailing list