From owner-freebsd-questions Sat Dec 14 12:58:16 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 037BC37B401
    for ; Sat, 14 Dec 2002 12:58:15 -0800 (PST)
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
    by mx1.FreeBSD.org (Postfix) with ESMTP id F2D3C43EC5
    for ; Sat, 14 Dec 2002 12:58:12 -0800 (PST)
    (envelope-from keramida@ceid.upatras.gr)
Received: from gothmog.gr (patr530-a031.otenet.gr [212.205.215.31])
    by mailsrv.otenet.gr (8.12.6/8.12.6) with ESMTP id gBEKw7D1010274;
    Sat, 14 Dec 2002 22:58:08 +0200 (EET)
Received: from gothmog.gr (gothmog [127.0.0.1])
    by gothmog.gr (8.12.6/8.12.6) with ESMTP id gBEKw1H9000959;
    Sat, 14 Dec 2002 22:58:07 +0200 (EET)
    (envelope-from keramida@ceid.upatras.gr)
Received: (from keramida@localhost)
    by gothmog.gr (8.12.6/8.12.6/Submit) id gBEKCUZD000634;
    Sat, 14 Dec 2002 22:12:30 +0200 (EET)
    (envelope-from keramida@ceid.upatras.gr)
Date: Sat, 14 Dec 2002 22:12:30 +0200
From: Giorgos Keramidas
To: Erwan Breton
Cc: freebsd-questions@freebsd.org
Subject: Re: Kernel log messages
Message-ID: <20021214201230.GA607@gothmog.gr>
References: <200212141214.42931.breton@cri.ensmp.fr> <3DFB23FA.60803@liwing.de> <20021214132332.GA35991@gothmog.gr> <200212141604.34200.breton@cri.ensmp.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200212141604.34200.breton@cri.ensmp.fr>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On 2002-12-14 16:04, Erwan Breton wrote:
> On Saturday 14 December 2002 14:23, Giorgos Keramidas wrote:
> > On 2002-12-14 13:28, Jens Rehsack wrote:
> > > Erwan Breton wrote:
> > > >Since I have activated the firewall on my box, I have many kernel
> > > >log messages in my security check output every night. The problem
> > > >is, I don't see interesting messages like bad login anymore.
> > > >
> > > >athena kernel log messages:
> > > >>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
> > > >>ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
> > > >>ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
> > > >>ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
> > > >>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> > > >>ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0
> > > >>Etc .. etc .. etc ...
> > >
> > > It seems you use rules which log the blocked packets. If you send
> > > your firewall config, I can tell you which rules do that.
> >
> > Actually the rule numbers are listed above too. Rules 600, 700, 800,
> > 1600 and 4000 are the ones that log denied packets. Deleting the
> > 'log' keyword from those rules will make sure that logs are kept a bit
> > more clean.
>
> Hmm, it's an idea, but is there no way to log ipfw messages AND have only
> kernel messages in the security check output?

Can you try the following patch to /etc/periodic/security?

%%%
diff -u security.functions.orig -r1.2 security.functions
--- security.functions.orig	16 Nov 2002 14:58:39 -0000
+++ security.functions	14 Dec 2002 20:00:41 -0000
@@ -44,6 +44,9 @@
 if [ "$1" = "new_only" ]; then
   shift
   filter="grep '^>'"
+  if [ "$2" = "dmesg" ]; then
+    filter="${filter} | grep -v 'ipfw:'"
+  fi
 else
   filter="cat"
 fi
%%%
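Review bot: the new test `if [ "$2" = "dmesg" ]; then` comes after the `shift` on the line above it, so at that point `$2` is the caller's original third argument, not its second; if the `dmesg` label is passed right after `new_only`, the condition never matches and `grep -v 'ipfw:'` is never appended to the filter. Either compare `$1` here, or move the added `if` block above the `shift`. Also worth confirming that `$filter` is later run through `eval` (or `sh -c`), since the value now contains a pipeline (`grep '^>' | grep -v 'ipfw:'`) and only works if the shell re-parses the string rather than expanding `$filter` directly as a command name.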
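As an added example, not code from the thread or from FreeBSD's periodic scripts: a small POSIX sh/awk script that does the two things discussed above. It separates ipfw log records from the other kernel messages, so the lines Erwan wants to keep seeing are not buried, and it tallies denied packets per ipfw rule number, which identifies the rules carrying the 'log' keyword that Giorgos suggests removing. The sample input is constructed from the ipfw lines quoted in the thread plus one made-up arp message; the function names are mine.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD's periodic scripts.
# Separates ipfw log records from other kernel messages and tallies denied
# packets per ipfw rule number (the number right after "ipfw:" is the rule
# that carries the 'log' keyword).

# Constructed sample: the ipfw lines quoted in the thread plus one made-up
# non-ipfw kernel message of the kind that was getting buried in the report.
SAMPLE_LOG='ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0
arp: 192.168.1.5 moved from 00:00:00:00:00:01 to 00:00:00:00:00:02 on fxp0'

# Everything that is NOT an ipfw record: the lines the nightly report should
# keep showing. Takes the message batch as $1.
non_ipfw_lines() {
    printf '%s\n' "$1" | grep -v '^ipfw:'
}

# One line per rule, "<rule> <denied-count>", sorted by rule number.
# Only "Deny" records are counted; rules that log accepted traffic would
# need their own tally.
ipfw_deny_tally() {
    printf '%s\n' "$1" | awk '
        $1 == "ipfw:" && $3 == "Deny" { count[$2]++ }
        END { for (r in count) printf "%d %d\n", r, count[r] }
    ' | sort -n
}

# Space-separated list of every rule number that produced a log record,
# i.e. the candidates for dropping the 'log' keyword.
ipfw_logging_rules() {
    printf '%s\n' "$1" | awk '
        $1 == "ipfw:" { seen[$2] = 1 }
        END { for (r in seen) print r }
    ' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone run over the constructed sample.
echo "--- kernel messages other than ipfw:"
non_ipfw_lines "$SAMPLE_LOG"
echo "--- denied packets per ipfw rule:"
ipfw_deny_tally "$SAMPLE_LOG"
echo "--- rules with 'log': $(ipfw_logging_rules "$SAMPLE_LOG")"
```

On a live box the same functions can be fed the current buffer with `ipfw_deny_tally "$(dmesg)"`. Note that the pattern here is anchored (`^ipfw:`) because the functions see raw kernel lines; inside the periodic script the lines have already passed through `diff` and carry a leading `> `, which is why the patch in the thread uses the unanchored `'ipfw:'`.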